Phishing campaign targets prominent X users, accounts at risk

  • A phishing campaign is targeting X users, experts warn
  • Fake login emails are sent to victims
  • The aim is to take over accounts and advertise a fraudulent crypto scheme

High-profile accounts on the social media network X (formerly known as Twitter) are being targeted by a phishing campaign, experts have warned.

A report from SentinelLabs outlined how prominent accounts belonging to US political figures, large tech organizations, leading international journalists, and even an X employee, have been attacked via a phishing campaign.

Although the primary targets are large accounts with a high follower count, everyone should be on the lookout for this attack. Here’s what we know so far.

Financial objectives

In its report, SentinelLabs notes the aim of the attack is to compromise an account, lock out the legitimate owner, and post fraudulent cryptocurrency opportunities or links to external sites, which are designed to ‘lure additional targets’, most commonly with a crypto-theft related theme.

It seems the attack originates from a range of phishing tactics, one being the notorious login notice. This works by sending the victim an email to notify them their account was accessed from a new device, and that the location of the device was in a foreign city.

From there, a link is provided for users to ‘secure’ their accounts by providing their username and changing the account password. This page is fake, and victims who use it have unwittingly handed their credentials to a threat actor.

The campaign uses several phishing domains for this, like x-recoversupport[.]com and securelogins-x[.]com, and in some cases, researchers observed the campaign abusing Google’s ‘AMP Cache’ domain in order to bypass email detections and reroute the user to a phishing domain.

The criminal then takes over the account and begins using the account's audience to advertise cryptocurrency scams. High-profile accounts allow criminals to maximise their financial profit by reaching a wider audience and collecting more victims.

Crypto scams are incredibly dangerous, and lucrative, with the FBI recently estimating that, in 2024 alone, the scams cost victims more money than ransomware.

Staying safe

To avoid such fraudulent schemes, investors should be ultra-careful that their investment is legitimate. The cryptocurrency market is largely unregulated, which makes it the perfect environment for scammers and criminals - so be sure to heavily research any investments before handing over your data or money.

The key part of this attack is the initial phishing email. Social engineering attacks like phishing are dangerous because they catch users off guard, so staying alert is the best defense.

Phishing attacks will prompt victims to reveal their personal information, like logins, credentials, financial information, and more. This puts victims at risk of identity theft or fraud.

It is true that some platforms will email you if there’s an unrecognized sign-in to a new device, which is what makes this campaign so convincing. It’s easy to say that users should be extra careful, but sometimes that’s just not enough, so here are some extra tips to stay protected.

First of all, create a strong and secure password, and crucially do not reuse passwords from one site to another - this helps by quarantining any account that has been breached.

Next, enable multi-factor authentication or MFA, especially for sites that hold medical or financial information. Although this can be a bit of a faff, it's a great extra layer of security and gives you peace of mind knowing that criminals would struggle that bit more to access your data.

Another thing to look out for is mismatched or suspicious domains. If you receive an email you’re not expecting, especially one prompting action and including a link, check the spelling of the domain, e.g. Faceb00k rather than Facebook. It’s never a bad idea to Google what the legitimate domain would be, either.

The final thing to look for is odd attachments. If the sender is unknown and the email contains links, images, or documents, this is a red flag. QR codes are particularly dangerous, so don’t scan anything you’re not certain is safe.
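
The domain check described above, applied to this campaign's pattern of lookalike domains reached through an AMP Cache link, as an added example that is not code from SentinelLabs or this article. The list of genuine hosts, the brand-token heuristic, the assumed AMP Cache URL layout and the sample URLs (built around the two domains named above) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts treated as the genuine sign-in domains for this brand.
LEGIT_HOSTS = {"x.com", "twitter.com"}
# Brand used as a standalone token, e.g. "x-recoversupport" or "securelogins-x".
BRAND_TOKEN = re.compile(r"(^|[-.])(x|twitter)([-.]|$)")
# Assumption: cache links look like https://[sub.]cdn.ampproject.org/c/s/<origin>/<path>
AMP_HOST = "cdn.ampproject.org"
AMP_PATH = re.compile(r"^/[a-z]/(?:s/)?(?P<origin>[^/]+)(?P<rest>/.*)?$")


def refang(url):
    """Undo the defanging used in reports: [.] -> . and hxxp -> http."""
    return url.replace("[.]", ".").replace("hxxp", "http")


def unwrap_amp(url):
    """Return the origin URL behind an AMP Cache link, or None if not one."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != AMP_HOST and not host.endswith("." + AMP_HOST):
        return None
    m = AMP_PATH.match(parts.path)
    return f"https://{m['origin']}{m['rest'] or '/'}" if m else None


def classify(url):
    """Return (final_host, verdict, via_amp) for a link taken from an email."""
    url, via_amp = refang(url), False
    for _ in range(3):  # bounded, in case cache links are nested
        inner = unwrap_amp(url)
        if inner is None:
            break
        url, via_amp = inner, True
    host = (urlsplit(url).hostname or "").lower()
    if host in LEGIT_HOSTS or any(host.endswith("." + h) for h in LEGIT_HOSTS):
        return host, "legitimate", via_amp
    if BRAND_TOKEN.search(host.rsplit(".", 1)[0]):
        return host, "lookalike", via_amp
    return host, "unrelated", via_amp


if __name__ == "__main__":
    # The first two domains are named in the article; the URLs are constructed.
    for link in ("https://x-recoversupport[.]com/",
                 "https://cdn.ampproject.org/c/s/securelogins-x[.]com/login",
                 "https://x.com/login"):
        print(link, "->", classify(link))
```

A link whose visible host is the cache domain is judged by the origin it forwards to, which is why the second sample is reported as a lookalike rather than as a Google URL.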

Ellen Jennings-Trace
Staff Writer
