Part 3: The Phishing Scam Lots of People Just Fell For

I didn't even realize how eerie my timing was.

When I wrote Parts 1 and 2 in this series — and then published them on X, here and here, respectively — it hadn't even occurred to me yet that there was an internet phishing scam unfolding before my eyes. I hadn't taken the time to look into why I was receiving a suspicious pattern of direct messages on X.

It started with this message:

Hey, I need a quick favor. I’ve been nominated to co-host a major podcast event with Spotify & Google 🎙️, and your vote would really mean a lot to me. Truly grateful for the support 🗳️


I first received this on January 29 from a well-respected researcher and professor — not the sort of person you'd think of as gullible. Since I see that he's posted about it himself, I think it's okay to identify him: Dr. Michael Bailey.

Notably, Dr. Bailey posted about this incident himself from that very same hacked X account on January 27, saying that the hacking began January 26. However, the message I received from him was January 29. In other words, by January 27, he thought he was taking measures to protect himself, but if his account was still sending out scammy messages two days later, he must not have completed the process even when he thought he'd put an end to it. Noting this discrepancy, I've gone ahead and emailed him.

Then, on January 30, I received a similar DM from Brandon Showalter, a journalist and documentary filmmaker. Like Dr. Bailey, Brandon already posted about it here. Also like Dr. Bailey, Brandon isn't exactly considered a gullible midwit.

Next, on January 31, I received similar DMs from three other accounts, none of which have posted since. They might be locked out of their accounts. I won't out them.

That same day — yesterday, January 31 — ironically, I was too busy writing Parts 1 and 2 in this series to notice a perfect example unfolding under my nose. Only in the evening, once I was done with my writing projects, did I decide to look into it.

By that point, here is what had aroused my suspicion:

  • What exactly does it mean to co-host a podcast with Spotify and Google? I host a popular podcast on Spotify and no one "nominated" me for any such contest. Anyone can put a podcast on these platforms, so what are we talking about here — sponsorship by executives? Co-hosting with someone famous from one of those companies — and if so, who?
  • If the big deal about this contest is an opportunity for a lot of attention from popular media, why were the accounts I was hearing about it from all gender critical people who are normally suspicious of, and ignored by, mainstream media?
  • Why am I getting the same message from smaller accounts who don't have experience podcasting as I am from people with major experience in the public eye?
  • Also, what the heck is that link? If this really has anything to do with Spotify or Google, why aren't those names in the URL?
  • I know techno-optimists have their Moltbots running mass-messaging programs for them, but the people I'm receiving these DMs from don't seem like they'd be in the first wave of users.

So I decided to click on the link and see what it was about. I'm not afraid to click on links — I'm afraid of what's downstream of poor decisions made on those sites.

Here's what you see at the top of the page:

Okay...

Scroll down:

Uh, okay...

Down...

And that's it. Not much, right? Very vague.

But here's what it wants you to do: "vote." Your online acquaintances have just peer-pressured you into it. And maybe you're too rushed to pay attention to how weirdly vague this site really is.

And you get three choices of how to vote: using your Instagram, X, or email account.

So what happens if you click on any of those?

Well, here's the "Instagram" —

And the "X" —

And finally, the "email" —

Do you see the problem yet?

If not, look at the URLs.

You're not actually logging in to your Instagram, X, or email account. You're providing your login credentials to a third party site.

This is called phishing.
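
The URL check described above, written out as an added example (not part of the original post): it tests whether a page asking for your Instagram or X password is actually hosted on that service's own domain. The function name `checkLoginUrl`, the list of official domains, and every `.example` URL are assumptions made for illustration, since the real address of the "vote" page is not given here.

```javascript
// Added example. All phishing-style URLs below are constructed on the reserved
// .example domain; the article does not give the real address of the vote page.
const OFFICIAL_DOMAINS = {
  instagram: ["instagram.com"],
  x: ["x.com", "twitter.com"],
};

// Decide whether a page asking for `service` credentials is really on that
// service's own domain. Only the parsed hostname counts, never the path or text.
function checkLoginUrl(service, rawUrl) {
  const allowed = OFFICIAL_DOMAINS[service];
  if (!allowed) return { ok: false, reason: "unknown service" };
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not https" };
  // "https://x.com@host/" puts the brand in the userinfo part; the real host follows "@".
  if (url.username || url.password) return { ok: false, reason: "userinfo before @" };
  const host = url.hostname.replace(/\.$/, ""); // the parser has already lowercased it
  // Punycode labels mean the name contains non-ASCII characters, a common way to imitate a brand.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized lookalike host" };
  }
  // Exact match or a true subdomain. The leading dot rejects hosts that merely end in the brand's letters.
  const match = allowed.some((d) => host === d || host.endsWith("." + d));
  return match
    ? { ok: true, reason: "host is " + host }
    : { ok: false, reason: "credentials would go to " + host };
}

const SAMPLES = [
  ["instagram", "https://www.instagram.com/accounts/login/"],
  ["x", "https://x.com/i/flow/login"],
  ["instagram", "https://instagram.com.podcast-vote.example/login"], // brand as a subdomain
  ["x", "https://podcast-vote.example/x.com/login"],                 // brand only in the path
  ["x", "https://x.com@podcast-vote.example/login"],                 // brand before the "@"
  ["x", "http://x.com/login"],                                       // right host, no TLS
];
for (const [service, u] of SAMPLES) {
  const r = checkLoginUrl(service, u);
  console.log((r.ok ? "OK    " : "REJECT") + " " + service + " " + u + " -> " + r.reason);
}
```
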

And over the past week, a lot of people fell for it. Including very intelligent people.

Here's what happened next. Brandon says here,

What I think happened was that I got an email that was asking that I verify my account with my phone # and it looked like it was from X but it wasn't. Soon enough, I couldn't access my account and the hacker texted me a veiled threat that only he could give me my account.

Who knows how many people this reached, how many login credentials were obtained, and what the bot-powered scammers were able to do with the information they acquired. If not direct financial information, then probably a lot of material for blackmail. We are potentially looking at a multi-million or even -billion dollar scam here.

Like I said yesterday: it's a wild virtual world out there.

I hope reading this humbles someone that needs to be humbled about their online vulnerability. If it can happen to esteemed professor Dr. Michael Bailey and journalist-filmmaker Brandon Showalter, it can happen to you.

Stay safe. We're in a whole new era.
