X (formerly Twitter) is one of the most popular social networks in the world. Unsurprisingly, it is also a haven for cybercriminals and scammers. To successfully defend yourself against common X scams, you must first understand what they are, how they work, and why they’re dangerous.
1 Verification Phishing Scams
No social media platform is immune to phishing, a cyberattack in which a threat actor pretends to be someone or something they are not. Scammers on X have almost limitless options for phishing users. For instance, they might use email phishing, which involves sending fraudulent messages that trick the target into entering their credentials.
Here’s one example: in November 2022, shortly after taking control of Twitter (and before he renamed it X), billionaire Elon Musk introduced Twitter Blue (now X Premium), a paid monthly subscription that adds a blue checkmark to a user’s account. As Bleeping Computer reported, scammers quickly took note of this initiative, launching an elaborate phishing attack that aimed to steal the usernames and passwords of users looking to verify their accounts.
Similar phishing campaigns have plagued X since its inception, with cybercriminals developing increasingly inventive ways to obtain user credentials. This won’t change regardless of who is at the helm of X, so the best thing you can do as a user is set up two-factor authentication and carefully verify each email that claims to be from the social network.
2 Hacked Verified Account Scams
X’s blue checkmark has long been a badge of honor bestowed upon only the most prominent individuals, such as celebrities, politicians, and influencers. On the other hand, cybercriminals have always sought the social proof that comes along with having a blue check. To obtain one, they’ve frequently hacked verified accounts.
For example, in 2020, using a rather simple social engineering technique, a 17-year-old boy hacked X accounts belonging to Microsoft co-founder Bill Gates and then-presidential candidate Joe Biden. Per The Guardian, the teenager was later sentenced to three years in prison, but what he did shows just how easy it is for cybercriminals to hack X accounts, including verified ones.
The teenage boy hacked Biden’s and Gates’ accounts to ask for a Bitcoin payment, and it’s safe to assume that many people fell for his scam. But this was not an isolated case: breaches happen way too frequently, and it is typically ordinary users who pay the price. This is why you should never blindly trust an X account. Even if it appears that your favorite celebrity is actually posting, double-check whether their message is legitimate before doing anything.
3 Crypto Scams
Scams are all too common in the crypto space, and many are carried out via X. If you follow cryptocurrency-related accounts, or if you post about crypto from time to time, you have most likely come across one.
There are different types of X crypto scams, some blatantly obvious, and others rather complex. One thing scammers do is impersonate a prominent digital currency influencer or analyst, and then publish misleading posts, or even reach out to targets via direct message. Their posts can range from promoting useless cryptocurrencies that are guaranteed to lose value, to pushing fake airdrops and shady services.
Fake crypto giveaways are another scammer favorite. This type of hoax revolves around convincing the target that they will get a large reward as long as they deposit a small amount of cryptocurrency to cover a “fee” or something similar. Of course, if you make the mistake of depositing the money, the scammer will just take your funds and move on to the next victim.
To stay safe from crypto-related scams on X, make sure you carefully vet any information about a particular asset, and only trade on safe cryptocurrency exchanges.
4 Bot Scams
As you may already know, social networks are rife with bots, or computer programs that simulate human behavior. X is no exception. In fact, a 2022 study from the web analytics company Similarweb found that five percent of X users are bots, and established that they create between 21 and 29 percent of content on the network.
Bots are not inherently malicious, but scammers often use them to spread false and misleading information, incite targets to click malicious links, deploy malware, or otherwise harm the user in some way. On X, bots sometimes operate in networks, reposting and liking posts to reach a wider audience.
Some X bots are difficult to spot and seem like regular accounts at first glance, so you should always closely inspect every account that seems suspicious, especially if it spams links in replies to other posts or sends direct messages. If you suspect an account that is interacting with you is a malicious bot, block or mute it and then report it to X.
5 Customer Service Scams
When a service turns sour, who doesn’t like taking to social media to rant about it? It turns out that the next time you do that, a scammer may try to use your anger against you.
There have been reports of scammers adopting fake business handles and looking for people complaining about the target business’ services. They then swoop in to offer help, asking the user to take the correspondence to DMs. There, the scammer will ask for personal information from the user, with which they can access their online or banking accounts. As reported by The Standard, scammers have been particularly fond of impersonating airline support accounts and offering “help” to people with canceled flights.
If you’re approached by a company on X that wants to help you with a recent grievance, be sure to look for telltale signs that it’s fake. A weird-looking handle and no verification are key tip-offs that the account isn’t actually who it says it is. If in doubt, do not reply and use the service’s online support channels instead.
6 Romance Scams
X can be a good place to meet new people, and scammers know this. Some will attempt to fool people into a fake relationship and lead them to believe it’s real. Then, when the time is right, they ask their “partner” for money. Once they’re paid, the scammer can then run with the money… or keep going and see how much more they can take.
If someone is being a little flirtatious with you, learn how to spot and avoid an online dating scammer. Just remember that cybercriminals can use AI to create convincing romance scams, so be extra careful even if the contact can supply pictures and video.
With X full of so many scams, it can be hard to keep on top of every variant. Now you know some of the most common ones and how to ensure you don’t fall foul of them.