Four people collaborating to construct a hashtag symbol.

Phishing Scam Targets X Users

X users who complain about poor customer support are now being targeted for a phishing scam. After changing its account verification procedure, the social media platform once known as Twitter has undergone a significant shift in focus.

Since Elon Musk’s dramatic purchase of X in October 2022, there has been a lot of controversy surrounding the company. The change has been seriously affected by the unconventional name change, the regrettable X sign incident, and the decision to not fulfil rent payments.

There is still some tension regarding the blue tick scenario. This is clear from the frequent phishing attacks associated with the paid verification system.

Individuals with bank accounts and air travellers are susceptible to phishing attacks when they submit complaints through X. Scammers assume the roles of customer support representatives, using fake X handles to respond. They deceive victims into revealing their banking information under the guise of offering refunds.

Their manipulation is often aided by the display of the blue verification badge, which, until this year, was a symbol denoting officially authenticated X accounts.

A recent email sent to Twitter Blue subscribers, a badge that formerly denoted account verification, was received by the Twitter user @fluffypony. After Elon Musk bought Twitter, anyone may now purchase this badge for £6.33 per month.

Businesses subscribing for £950 per month receive a gold badge, although X’s terms and conditions remain silent about the pre-screening of subscriber accounts.

The email prompts the user to click the “Transition” button after informing them that their Twitter Blue account is about to change into a Stay Blue with X, as the subscription expiration approaches and a transfer becomes necessary.

Phishing Email from Fake X
Phishing Email from Fake X (Fluffypony)

Failure might result in badge loss, requiring a new application and subscription. Notably, this widespread phishing campaign targeted both regular Twitter users and verified users.

Phishing remains an effective method for coercing consumers into engaging in improper activities, regardless of technological advancement or the passage of time. Cybercriminals persist in deceiving users by emulating trustworthy sources.

Phishing may take many different forms, with the majority of them focusing on altering the letters, numbers, or symbols inside a name to offer a false sense of authenticity.

Consider the example of a Twitter account like @wcrldcoin, which is easily misread as the real thing owing to its blue verification badge and similarity to Worldcoin. Ironically, Worldcoin is a project designed to differentiate between real individuals and automated systems.

a fake Worldcoin Twitter account had a blue
Before suspension, a fake Worldcoin Twitter account had a blue checkmark (Twitter)

Cybercriminals targeted easyJet and BA customers who had their flights cancelled in June. These fraudulent users took advantage of individuals seeking refunds by creating false profiles on X. Both airlines acknowledged reporting fake accounts to X, with BA publicly tweeting about phoney profiles.

It takes only a few seconds to download the company’s logo and background picture, and for £8, a blue verification badge can be added for credibility. You can also create a username that closely resembles the real one. Many handles have been used for fraud, such @wcrldcoin, @WorlIdcoin, and @woldcoinusa, but occasionally scammers are so lazy that they forget to replicate the original handle.


In general, protecting your data online may be quite challenging to accomplish. Unfortunately, numerous scams exploit people’s limited understanding of digital technology. The most effective method of spreading harmful software among them is still phishing. Emails should only be opened if they are expected to come from a certain business or organisation.

It is important to avoid sharing private information, such as login credentials and passwords, on untrusted or malicious websites. In the modern day, scammers have acquired the skill of replicating reliable platforms. It is no longer unusual for a phishing website to have an SSL certificate.

Reputable organisations never ask you to download and run a file through email. They recommend that you get the information from their official website instead. Only click on links or files if you have complete trust in the sender’s trustworthiness.

Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.

Recent posts