As many of you know, there's been a few focused attempts at spamming the fediverse with crypto offers. The wat this is currently happening is that someone is registering hundreds or thousands of accounts on an instance (first it was mastodon.social, and most recently mastodon.world) and then proceeding to post messages with links to get your free crypto. These messages are sent using the "mentioned people only" visibility setting, meaning that if you're not tagged in them, you don't know that this issue is happening. It's unclear how spam victims are selected, however it's very likely collecting user names recently appearing in timelines.
Obviously, just like with spam and malicious emails, if you receive one of these messages, you should not click on links - at best it's a scam, and at worst, it's something that will attempt to steal passwords or install malware - usually for the purpose of stealing your identity, your money, and so on. If you receive such a message, simply use the reporting function on your instance to report the spam to your moderators and the moderators of the originating instance.
For this particular tactic, it is prudent to consider disabling direct messages from people you don't follow. To do that, go to settings, preferences, notifications, and check the box next to "Block direct messages from people you don't follow" at the bottom of the screen. It's also possible to block the domain of the spammers, however it's important to note that doing so will remove all your followers and follows on that domain.