Twitter's X rebrand: Scam alert!

August 6th · 8 min read

Rotem Tal - Senior Cybersecurity Expert |Writer & Editor|

Twitter's rebrand to X

On July 23rd, 2023, a single tweet reading “Soon we shall bid adieu to the Twitter brand and, gradually, all the birds” sent shockwaves through the online community, making "Twitter" and "X" the hottest topics on social media. The sudden rebrand of Twitter to the letter “X” by former CEO Elon Musk was a surprise, to say the least - and left many users uncertain about the platform's direction. Apart from confusion and chaos, the rebrand created the perfect storm for scammers to take advantage and exploit unsuspecting Twitter users.


In this article, we’ll cover the aftermath of Twitter's abrupt rebranding and how it became a breeding ground for phishing scams. As per usual, we’ll give you some pointers on how to avoid Twitter “X” scams. Tweet Tweet!

Twitter: A brief history

Back in 2006, Jack Dorsey, Evan Williams, Biz Stone, and Noah Glass founded Twitter. The idea for Twitter was born out of Dorsey’s desire to create a short messaging system (SMS) for a small group of people. The original logo was a blue bird, and the name was a play on a bird's twitter. In essence, Twitter was a free social networking site where you could broadcast short posts known as tweets. These tweets contained text, videos, photos, or links.

Fast forward to today: Twitter has over 350 million users across the world and has evolved into one of the most powerful social media platforms on the planet. While some people shrug Twitter off as simply an app that’s used to dish the dirt about celebrities and politicians, it’s actually become a barometer of trends driven by crowds.

Twitter has also helped in elevating voices that were once overlooked, and played a pivotal role in political and social movements, one hashtag at a time—from the Arab Spring to #MeToo and #BlackLivesMatter. It has also revolutionized the speed at which we share information, coming from both established news outlets and everyday individuals, offering everyone a real-time glimpse into unfolding historical events.

Why X? Twitter rebrand

While some people like sports or celebrity gossip, Musk has long had a love for the letter "X". Nothing wrong with loving letters, right? He’s named ventures like his banking startup, x.com, his aerospace company, SpaceX, and even changed his son’s name to X Æ A-XII. The sudden Twitter shift to "X" is part of Musk's vision to transform Twitter into a multi-functional "super app," similar to China's popular WeChat. This vision includes potential features for payments, messaging, and calls, expanding the platform's horizons.

On the surface, Twitter's shift to X could be seen as a great business move, and to be honest, who are we to judge? But for crying out loud, Musk, why’d you have to make this shift so sudden? Don’t you know that cybercriminals love taking advantage of confusion and uncertainty? As soon as the news about the rebrand was announced, thousands of phishing attempts, fake “X” sites, and YouTube channels started popping up all over the internet.

The Twitter “X” scam

Following the excitement and confusion of Twitter's rebranding, cybercriminals wasted no time capitalizing on the chaos. Phishing emails flooded users' inboxes, specifically targeting Twitter Blue subscribers (premium users). Scammers got super crafty and made the email look legitimate by using the new “X” logo. The phishing email was on point, and the message made it appear as if Blue subscribers were being offered the chance to switch their memberships to "X."

Twitter X Scam email Source: @fluffypony


As seen in the email above, the phishing emails used in this scam are expertly crafted to resemble official communications from Twitter. They include links to URLs (addresses) hosted on seemingly unaffiliated domains, so they can cleverly sneak by spam filters and avoid suspicion. When you click the “Transition” blue button on the screen, you’ll be redirected to what appears to be an authentic authorization screen for the official Twitter “X” app. But we all know where this is going….

Once you authorize the app, it’s game over. You basically grant scammers complete control over your Twitter account, allowing them to make tweets and alter your profile. You might be thinking to yourself, OK, big deal, I’ll just open a new account or contact Twitter, and they’ll handle it. But pause for a moment… Put those questionable tweets you sent aside for a sec, and think about all the personal information stored on your account. Your email, mobile number, and possibly your credit card information. In the wrong hands, these details have the power to wreak havoc on your life.
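The tell described above, links hosted on domains unrelated to Twitter, can be checked mechanically. The following is an added example, not part of the original article or any Guardio product: it flags the sender and every link in an email whose host is outside a brand allowlist. The allowlist contents and the sample message (with its `.example` domains) are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as belonging to the brand for this check.
BRAND_DOMAINS = {"twitter.com", "x.com", "t.co"}

def is_brand_host(host):
    # Exact or subdomain match only, so "twitter.com.login.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def audit_email(raw):
    """Return findings for a sender or link host outside BRAND_DOMAINS."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not is_brand_host(sender_domain):
        findings.append(("sender", sender_domain))
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not is_brand_host(host):
            findings.append(("link", host))
    return findings

# Constructed sample message; every domain ending in .example is made up.
SAMPLE = """\
From: "X (formerly Twitter)" <notice@blue-transition.example>
Subject: Transition your Blue subscription to X
Content-Type: text/html; charset="utf-8"

<html><body><p>Your subscription is moving to X.</p>
<a href="https://auth.blue-transition.example/go">Transition</a>
<a href="https://help.twitter.com/">Help Center</a>
</body></html>
"""
```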


Not to freak you out, but once they've taken over your Twitter account, it’s pretty easy to get into your Facebook or Instagram account as well. Assuming you use similar passwords, and let's be honest here, you probably do, right? From there, it’s a short cakewalk to hack other online accounts, like banks, online shopping accounts, government websites, and other social media platforms. What’s even crazier is that they can use your profile to lure your followers and friends to phishing sites and then basically steal their info as well.

Imagine getting a message from a stranger: you’re less likely to press the link and fall for the bait. But if your friend, coworker, or in this case, a scammer impersonating them sends you a link to a website that looks interesting, you’d probably check it out. Enter - theme from “Psycho”. But wait, we’re not only here to tell you about this dramatic scam, we also want to give you some real, concrete ways to protect yourself from them!


How to avoid Twitter X scams

Follow these 5 tips to protect yourself from Twitter X phishing scams:

Two-factor authentication (2FA)

  1. Two-factor authentication (2FA) adds an extra layer of protection to your account. Once you register, whenever you log in you’ll need to enter a code or a security key in addition to your password. To set up Twitter’s 2FA follow these steps.

Remove shady emails

  2. Delete suspicious emails from your inbox, and don’t download any attachments.

Change your password

  3. Make sure all of your passwords are strong and unique. We recommend updating them every few months. If you suspect one of your accounts has been hacked, change the password right away.

Contact Twitter directly

  4. If your account is ever compromised, contact Twitter and restore account access directly through the platform. You can also email them @TwitterSupport to report any issues, although it might take a while for them to respond or resolve the situation.

Always use cybersecurity software

  5. Having a security tool that protects your social media accounts and browsing, on desktop and mobile, is crucial for your online safety. Guardio is an easy-to-use online software that can keep you safe from phishing attacks and online threats, and protect your social media accounts.

How Guardio keeps you safe

  • Identifies senders with a bad reputation (bad actors).
  • Constantly protects your inbox from phishing emails and new threats.
  • Tells you if an email contains links that lead to dangerous sites.
  • Notifies you in real-time if malicious emails bypass your spam filter.
  • Keeps your mobile and desktop secure.
  • Recognizes malicious emails that pose a risk to your personal information.
  • Protects you from data leaks and identity theft.

Guardio eliminates the risk of falling victim to phishing attempts or accidentally engaging with malware.

What actions to take if you’ve fallen victim to the Twitter X scam?

  1. Go to Twitter settings -> Security and account access -> Apps and sessions -> Connected apps -> And revoke app permissions to the fake Twitter app or any that you don’t recognize.
  2. Next, change your Twitter password and enable 2-step authentication (non-SMS if possible, OTP is best).
  3. If you receive a fake email, delete it from your inbox, and don't download any attachments.

To learn more, go to Twitter’s (X) security tips and Help Center.

The abrupt rebranding of Twitter to "X" triggered a flurry of confusion and excitement across the online community. Unfortunately, the unexpected shift also created a golden opportunity for cybercriminals to exploit unsuspecting Twitter users. Scammers wasted no time launching phishing attacks using sophisticated emails.

Falling victim to these phishing scams can be extremely dangerous, as scammers can not only scam your connections on Twitter but also potentially gain access to other sensitive accounts like banks, online shopping, and other social media platforms.

To protect yourself from Twitter "X" scams, we recommend enabling 2FA, deleting suspicious emails from your inbox, and avoiding clicking on any attachments. In addition, it’s always a good idea to make sure that all your passwords are strong and unique and to change them regularly. To make sure you’re always protected online, use reliable cybersecurity software like Guardio. Guardio identifies malicious senders, protects your inbox from phishing attacks, and warns you of dangerous links.

Remember, cybercriminals are always on the lookout for opportunities to get you to click a link, download a file or open an email. If you have Guardio on your side, you’ll be immediately safeguarded from these scammers - For good!
