Summary
- Scammers exploit the confusion around Twitter's rebranding to "X" for phishing.
- Twitter Blue users are targeted with an offer to "migrate" to "X"; accepting it hands the scammers access to the account.
- The phishing emails look genuine: they appear to come from x.com and pass Sender Policy Framework (SPF) checks (an SPF pass only means the sending server is authorized for the envelope sender's domain, not that the message or the sender's intent is legitimate). Each email contains a deceptive authorization link that opens a legitimate API authorization screen.
- Clicking the link and approving the authorization gives the attackers' app control over the victim's Twitter account settings and content.
- Victims can cut off that access by revoking the app's authorization in Twitter's settings.
- Twitter is aware and "working on a solution."
Article's Safety Recommendations (probably a bit generic and self-promotional)
- Being cautious with unfamiliar emails, especially attachments or links.
- Verifying URLs by hovering over them.
- Not sharing personal info on suspicious/unknown sites.
- Being careful with attachments and links.
- Using two-factor authentication (2FA) for account security.
- Keeping antivirus software updated to prevent malware.
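The core of the scam described above is that the consent page is real; only the app asking for consent is the attacker's. "Hover over the URL" therefore has to mean more than checking the hostname. As an added example (not code from the summarized article, from Twitter, or from the post's author), here is a small Python inspector that breaks an OAuth-style authorization link into the parts that actually matter: the host the consent screen is served from, the client asking for access, the scopes it wants, and the redirect host that receives the resulting code or token. The host list, the scope names and the sample link are assumptions constructed for the example, and the OAuth 2.0 parameter names (`client_id`, `redirect_uri`, `scope`) are assumed because the post does not say which authorization flow the scammers used.

```python
from urllib.parse import urlparse, parse_qs

# Assumption: hosts on which a genuine Twitter/X authorization page is served.
# The post only says the link opens a "legitimate API authorization screen".
LEGIT_AUTH_HOSTS = {"twitter.com", "x.com", "api.twitter.com"}

# Assumption: OAuth 2.0 scope names that let an app post, modify, or retain access.
# Illustrative only; the real scope names may differ.
HIGH_IMPACT_SCOPES = {
    "tweet.write", "tweet.moderate.write", "users.write",
    "follows.write", "block.write", "mute.write", "offline.access",
}


def _registrable_match(host: str, allowed: set[str]) -> bool:
    """True if host equals an allowed host or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def inspect_authorization_url(url: str) -> dict:
    """Break an OAuth-style authorization link into the parts a user should check.

    A real consent screen on a real host can still hand control to an attacker's
    app: what matters is which client is asking, which scopes it wants, and where
    the resulting code/token is sent (redirect_uri).
    """
    parsed = urlparse(url)
    params = parse_qs(parsed.query)

    def first(key: str) -> str:
        return params.get(key, [""])[0]

    auth_host = (parsed.hostname or "").lower()
    host_is_legitimate = _registrable_match(auth_host, LEGIT_AUTH_HOSTS)

    # OAuth 2.0 uses redirect_uri; OAuth 1.0a uses oauth_callback. Accept either.
    redirect_uri = first("redirect_uri") or first("oauth_callback")
    redirect_host = (urlparse(redirect_uri).hostname or "").lower() if redirect_uri else ""
    redirect_is_first_party = bool(redirect_host) and _registrable_match(redirect_host, LEGIT_AUTH_HOSTS)

    scopes = sorted(set(first("scope").split()))
    high_impact = sorted(s for s in scopes if s in HIGH_IMPACT_SCOPES)

    warnings = []
    if not host_is_legitimate:
        warnings.append(f"authorization page is on {auth_host or '<none>'}, not a known Twitter/X host (possible lookalike)")
    if parsed.scheme != "https":
        warnings.append("link is not https")
    if redirect_host and not redirect_is_first_party:
        warnings.append(f"after approval, the code/token is redirected to third-party host {redirect_host}")
    if high_impact:
        warnings.append("app asks for scopes that can change the account or keep access: " + ", ".join(high_impact))

    return {
        "auth_host": auth_host,
        "host_is_legitimate": host_is_legitimate,
        "client_id": first("client_id") or first("oauth_consumer_key"),
        "redirect_host": redirect_host,
        "scopes": scopes,
        "high_impact_scopes": high_impact,
        "warnings": warnings,
    }


# Constructed sample, not a real phishing URL: genuine host, attacker-chosen redirect and scopes.
SAMPLE_PHISHING_LINK = (
    "https://twitter.com/i/oauth2/authorize?response_type=code"
    "&client_id=EXAMPLE_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fx-migration.example%2Fcallback"
    "&scope=tweet.read%20tweet.write%20users.read%20offline.access"
    "&state=abc123"
)

if __name__ == "__main__":
    report = inspect_authorization_url(SAMPLE_PHISHING_LINK)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the sample link, the host check passes (it really is twitter.com) while the redirect and scope checks flag the problem: the app wants write access plus `offline.access`, and the authorization result goes to `x-migration.example`. A third-party redirect is normal for any legitimate app, so the output is a prompt to ask "do I know and trust this client?" rather than proof of phishing; the same report on a lookalike host (`twitter-x.example` over plain http) fails the host check instead.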
Edited based on comment from: @[email protected]


Ethical phishing: Email Twitter users, steal their credentials, close their accounts
/jk
… unless