Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

New Phishing Scam Targets X Users with Fake 'New Device Login' Alerts

Fraudsters are employing sophisticated phishing emails to trick X (formerly Twitter) users into revealing their login credentials. These fake alerts mimic genuine security notifications, aiming to steal passwords for further fraudulent activities.

  • Scam emails replicate X's legitimate 'new device login' notifications with high accuracy.
  • The emails prompt users to click links to 'change password' or 'review apps', leading to fake websites.
  • Criminals aim to gain access to X accounts for crypto scams, phishing, and misinformation campaigns.
  • Key giveaways of fake emails include generic sender addresses and the absence of your specific X handle.
  • Users are advised not to click links but instead to open the genuine X app to check for security issues.

Users of the social media platform X, previously known as Twitter, are being targeted by a highly convincing phishing scam designed to steal their account details. The elaborate scheme involves sending emails that appear to be legitimate security alerts, informing recipients of a new login to their account from an unfamiliar device or location.

These fraudulent emails typically state, "We noticed a login to your account from a new device. Was this you?" They often specify a device type, such as "Firefox Desktop on Mac," and a location far from the user's actual residence, for instance, Arizona for a London-based user. The message then urges the recipient to take immediate action, providing links to "complete these steps now to protect your account," which include changing their password or reviewing apps with account access.

While the advice to change passwords and review app access is legitimate, the links provided in these emails are not. Clicking them directs users to fake websites meticulously designed to mimic X's official pages. These fraudulent sites are set up to capture login credentials or to trick users into authorising malicious third-party applications, often under the guise of security or troubleshooting tools, thereby granting scammers direct access to their X accounts.

Jake Moore, a global cybersecurity adviser at ESET, explained that scammers seek either the user's X username and password or to manipulate them into approving a link that provides account access without needing the password. Once compromised, these accounts are typically exploited for various illicit activities, including promoting cryptocurrency scams, launching further phishing attacks, or disseminating misinformation campaigns.

The sophistication of these fake emails makes them particularly dangerous. They often feature the X logo, identical formatting, colours, and even correct grammar and spelling, making them almost indistinguishable from genuine notifications. However, subtle clues can reveal their fraudulent nature, such as the absence of the user's specific X account handle and vague location details. Moore highlights that the most significant indicators are the sender's email address and the actual destination of the embedded links.

X advises that legitimate emails will only originate from @X.com or @e.X.com. The platform explicitly states it will never send emails with attachments, request passwords via email, direct message, or reply, nor ask users to provide their password through these channels. If a user suspects their account has been compromised after clicking a link or entering their password on an unverified site, they should immediately change their X password and ensure two-factor authentication is enabled. X also provides a help guide for compromised accounts and may reset passwords for accounts it believes have been hacked, sending a secure link for a new password.

Why this matters: This scam poses a significant threat to the security and privacy of millions of UK X users, potentially leading to financial loss through scams or the misuse of their online identity for malicious purposes.

What this means for you: What this means for you: If you use X, you could receive one of these highly convincing scam emails. Ignoring suspicious links and verifying security alerts directly through the X app are crucial steps to protect your personal information and account from fraudsters.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.