Cybersecurity experts are sounding the alarm after the verified X (formerly Twitter) account of the New York Post (NYP) was reportedly hijacked and used to target cryptocurrency enthusiasts.
On May 3, Alex Katz, founder and CEO of cybersecurity firm Kerberus, shared a screenshot revealing the scam in action. The compromised NYP account was allegedly used to send deceptive direct messages posing as outreach from investigative journalists.
The fraudulent message read:
“We’re lining up new guests for our podcast and would love to feature you in an upcoming episode.”
Multiple X users reported receiving the same message. According to these reports, recipients were then blocked from replying and encouraged to continue the conversation via a Telegram account—likely a move to avoid detection by the actual NYP team and redirect victims to a potential crypto-related scam.
Drew, a cybersecurity expert, NFT collector, and founder of Drew Security, noted that scammers are evolving their tactics. Instead of openly sharing malicious links, they now rely on the implicit trust built through private conversations. This personalized approach makes it harder for users to identify red flags.
There is also speculation that scammers may be attempting to exploit vulnerabilities in third-party platforms like Zoom, possibly install malware or steal sensitive data.
At this time, it remains unclear how the attackers gained access to the NYP account or how many individuals were contacted. The New York Post has yet to issue a public statement.
Cybersecurity professionals urge users to remain vigilant, especially when asked to switch communication platforms, even if messages come from verified or familiar accounts. Compromised accounts can be used to manipulate trust and execute sophisticated scams.