Sophisticated phishing attack takes advantage of Twitter’s name change to X
A new phishing campaign that targets Twitter Blue subscribers is creating a lot of confusion around the platform’s renaming to X. The attack uses a seemingly genuine message that asks subscribers to upgrade their Blue subscription to X.
The email, which appears to have been sent by sales x com, is actually from sendinblue com, a popular CRM and mass emailing platform. This technique allows fake messages to thwart spam filters.
This phishing message contains a link that redirects users to an authorization API page and asks the user to authorize an application that looks like the official one from Twitter. Yet, by granting this permission, the user could allow cybercriminals to have full control over their Twitter account.
If you have fallen victim to this phishing attack, take immediate action to protect your account. Open Twitter settings and select Security & account access. Click on Applications and sessions and choose the Connected applications option. Next, revoke the permission given to the fake Twitter app or any other app that you don’t recognize. Finally, change your Twitter password and enable two-factor authentication.
If you receive a suspicious message purporting to be sent by X, do not click on any links they ask you to follow.