Hackers Capitalize On X Rebrand Chaos with Twitter Blue Phishing Scam

Twitter Blue users need to be vigilant as convincing phishing scams are fraudulently gaining access to their accounts.

The latest phishing scam targeting Twitter Blue user accounts comes amid the somewhat messy Twitter rebrand to X, with potentially disastrous consequences.

It all started when the signature blue bird disappeared from the social media site on Sunday July 23, giving way to the new X logo. However, the transition hasn’t been plain sailing, with discrepancies between the website and mobile app causing a range of problems for users.

Not only is the rebrand plagued with usability issues, but the chaos and confusion have created the perfect storm for cybercriminals to launch a phishing campaign. In the scam, Twitter Blue users receive a legitimate-looking email that offers them the opportunity to switch their membership to X, but really only gives the cybercriminals access to their accounts.

How to Spot the Twitter Blue/X Phishing Scam

The email looks convincingly legitimate to even the well-trained eye, with the display name ‘sales@x.com.’ The email manages to bypass SPF authentication, which is intended to stop phishing scams by detecting ‘spoofing’, despite actually coming from the CRM and mailing list platform Brevo. This allows the phishing emails to get past most email providers’ spam filters undetected.
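SPF evaluates the envelope sender's domain, not the display name a mail client shows, so a pass result says nothing about the ‘sales@x.com’ text. The following check is an added example, not part of the original article: it flags messages whose display name looks like an address on a different domain than the real sender and the SPF-validated domain. The header values are constructed, `esp.example` is a placeholder for the mailing platform, and the receiving server is assumed to record an `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real capture. "esp.example" is a placeholder for
# the third-party mailing platform; only the display name mentions x.com.
SAMPLE = """\
Return-Path: <bounce@esp.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bounce@esp.example
From: "sales@x.com" <campaign@esp.example>
To: user@recipient.example
Subject: Your subscription requires migration

Constructed body.
"""

# Constructed benign message: display name is plain text, domains agree.
BENIGN = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=news@shop.example
From: "Shop News" <news@shop.example>
Subject: Weekly offers

Constructed body.
"""

ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(value):
    """Return the lowercased domain of an address (or of a bare domain)."""
    return value.strip("<>;").rsplit("@", 1)[-1].lower()

def analyze(raw):
    """Return findings for address-like display names that do not match the real sender."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    shown = ADDR_IN_TEXT.search(display)
    if not shown:
        return []
    shown_dom, findings = shown.group(1).lower(), []
    if shown_dom != domain_of(from_addr):
        findings.append(f"display name shows {shown.group(0)} but sender is {from_addr}")
    auth = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", auth)
    mailfrom = re.search(r"smtp\.mailfrom=(\S+)", auth)
    if spf and spf.group(1) == "pass" and mailfrom:
        if domain_of(mailfrom.group(1)) != shown_dom:
            findings.append(f"SPF pass covers {domain_of(mailfrom.group(1))}, not {shown_dom}")
    return findings
```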

A Twitter Blue user who claims they almost fell victim to the scam revealed that the email says the victim’s “existing subscription is nearing its expiration and requires migration,” with a link directing users to a completely legitimate API authorization page. This authorization then grants the threat actor access to the victim’s account, enabling them to commit cybercrimes.

The cybercriminal will have a few view-only capabilities, plus the API allows the threat actor to amend followers, update profile and account settings, post and delete Tweets, engage with other Tweets, and more.

What to Do if You Were a Victim of X Scam?

If you think you’ve fallen victim to this convincing cyber scam, it’s important to act quickly to revoke the access the threat actor has to your account (before they can commit a crime under the guise of your account).

Fortunately, revoking API access is an easy process on Twitter. Navigate to Settings > Security and account access > Apps and sessions > Connected apps. This process should be carried out regularly to ensure you haven’t unknowingly granted access at any given time to scammers.

If you find yourself locked out of your Twitter account as a result of these cybercriminals, or are experiencing any other issues as a result of this phishing scam, you should contact Twitter support to ask for their help.

Twitter Rebrand to X, What to Expect?

The revamp is the latest change since the platform’s ubiquitous owner Elon Musk stepped down as CEO, passing the reins to Linda Yaccarino whilst still playing a prominent role in the company.

For now, the logo is the only new thing about X. However, Twitter 2.0 promises an AI-fueled expansion of the site’s capabilities. X aims to follow the logo change with an ambitious foray into online banking and video messaging, among other areas, Yaccarino said.

Written by:
Abby Ward is a contributor at Tech.co and freelance search engine marketing (SEM) specialist. Since graduating from Kingston University London in 2015 with a Bachelor's degree in Journalism with French, she has worked in many areas of digital marketing including website management, SEO, and paid media. Her specialist topics span her professional and personal interests in search, social media, ad-tech, education, food & beverage, hospitality, and business.