Fraudsters are sending convincing fake emails that mimic X’s login alerts to trick users into revealing their passwords. These messages warn of logins from unfamiliar devices and locations, urging users to take immediate action.
Although the emails appear legitimate, they contain malicious links designed to steal credentials or grant scammers direct access to accounts. Such breaches often lead to further fraud, including crypto scams and misinformation campaigns.
You have had an X account for years, since it was known as Twitter. When an email arrives about a new login from a location nowhere near where you live, alarm bells begin to ring.
Related coverage: US Launches Consecutive Air Strikes on Iran as Tehran Strikes Back at Gulf Military Sites.
“We noticed a login to your account from a new device. Was this you?” the email asks.
The location is Arizona, but you live in London. The device is “Firefox Desktop on Mac”.
More context: Pentagon’s New Testosterone Screening Policy Faces Medical Expert Skepticism.
“If this wasn’t you,” the email continues, “complete these steps now to protect your account.”
The steps include clicking a link to change your password, which will end up with you “logged out of all your active X sessions except the one you’re using at this time” and to click another link to review the apps that have access to your account and revoke any that are unfamiliar.
Also read: Oil Tanker Astana Seized by Suspected Somali Pirates Off Yemen Coast.
The steps are legitimate advice from X, but the links to reset your password, or to review app access are not. The email is fake and attempting to trick you into giving scammers your password, or direct access to your X account.
“Scammers want your X username and password, or to trick you into approving a malicious link that gives them access to your account without needing your password,” says Jake Moore, a global cybersecurity adviser at ESET.
Background: Fatal Maine shooting by ICE agent with troubled history sparks scrutiny.
Once the criminals have access to your account they will more than likely use it to attempt to commit further fraud including crypto scams, phishing attacks and misinformation campaigns.
What it looks like
The fake emails are almost an exact replica of legitimate login notifications sent by X. They include the X logo, and the same formatting, colours and copy, with correct grammar and spelling.
Small telltale signs show the email is not legitimate, such as not including your X account handle, and being vague on the location of the login.
“The two biggest giveaways are the email address it comes from, and where the links actually take you,” says Moore.
The social media site says: “X will only send you emails from @X.com or @e.X.com… Please know that X will never send emails with attachments, or request your X password by email … and will never ask you to provide your password via email, direct message or reply.”
If you do click on a link in the email, you will be brought to a fake website designed to steal your password, or to authorise a scammer’s app to access your account directly, often under the guise of a tool for performing a “security audit” or “troubleshooting”.
What to do
“If you ever receive an email like this, it is very normal, but remember not to panic, and don’t click the links to divulge any personal data. Instead, open the genuine app, and if there really is a security issue, you’ll see it there,” Moore says.
Check the email headers and URL links to ensure they are from the X.com domain. You can report fraudulent emails to your email provider using the built-in spam and phishing tools.
“If you clicked on a link, and only opened the page, you’re probably fine,” Moore says. “But if you have ever entered your password, or a one-time passcode to a web address you didn’t check, change your password immediately and double-check you have two-factor authentication turned on.”
If you suspect your X account has been compromised, follow the social media site’s help guide. The company says it may reset the passwords of any account it believes may have been hacked, and will send a secure link sent via email to select a new password.
Related coverage:
No comments yet. Start the discussion.