In this week’s scam, cybercriminals are trying to steal your X (formerly Twitter) login information. They send you an email claiming that someone tried to log into your account from a new device, and you must log into X immediately to verify your account. In another version of this scam, you might receive a different email claiming your account violated copyright laws and that you must submit an appeal.
Both of these emails direct you to click a link to verify your account, which takes you to what appears to be an X login or password reset page. But these pages are actually fake and controlled by cybercriminals trying to trick you into entering your user credentials. If you enter your login information, they will steal it. Then, they can access your account and use it to post links to crypto or financial scams. The cybercriminals will steal your login details and use your account to scam other X users!
Follow these tips to avoid falling victim to a phishing scam:
- If possible, enable two-factor authentication, or 2FA, for your online accounts. 2FA is more secure because it requires two forms of identification to log in to your account.
- Always hover over links in emails to see if they’re legitimate. If you must reset your password, always navigate to the official X website or mobile app.
- Be suspicious of any urgent requests. Cybercriminals often pressure you to act fast to trick you into falling for their scams.