Account Takeover Scams on X (Twitter)
X accounts are targeted and hijacked through phishing DMs and third-party app abuse, then used to post scams to the victim's followers.
Part of: Account Takeover Scams
Last reviewed: 1 June 2026
A hijacked X account — especially one with a large following — is a valuable tool for criminals. Compromised accounts immediately become vehicles for crypto giveaway scams, investment fraud promotions, and phishing links, reaching all existing followers under a trusted identity. The account owner faces reputational damage and may find recovery difficult if the attacker quickly changes email and phone recovery settings.
Account takeover on X typically starts outside the platform: phishing emails that lead to fake login pages, or stolen third-party app tokens that allow posting from the account without the password ever being changed.
How this scam works on X (Twitter)
A DM or email appears to be from X support, warning of a policy violation or unusual login, and directing the user to re-enter credentials on a phishing page. Once credentials are captured, the attacker logs in, changes the recovery email and phone, and begins posting fraudulent content from the account.
Third-party application tokens are another vector: apps granted read/write access to the X account can post without a password if the token is stolen. Users who connected their account to multiple third-party apps years ago may have forgotten these connections remain active.
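The two lure patterns described above (a message claiming to be from X support, and a login link that points somewhere other than X) can be checked mechanically. The following is an added example, not code from the page or from X: it extracts any URLs from a message, compares each hostname against the platform's own domains on label boundaries (so a lookalike such as `x.com.verify.example` does not pass), and flags the message when an off-platform link is combined with support branding or credential-request wording. The official-host list and the lure phrases are illustrative assumptions, and the sample messages are constructed.

```python
import re
from urllib.parse import urlparse

# Assumption: hostnames that legitimately belong to the platform. Subdomains
# (help.x.com, help.twitter.com) are accepted via suffix matching below.
# X's t.co shortener is deliberately left out: a shortened link hides its
# destination and must be resolved before it can be judged.
OFFICIAL_HOSTS = {"x.com", "twitter.com"}

URL_RE = re.compile(r"https?://[^\s<>'\"]+", re.IGNORECASE)

# Wording typical of the credential-harvesting lures the page describes
# (illustrative list, not exhaustive).
LURE_PHRASES = (
    "policy violation",
    "unusual login",
    "verify your account",
    "confirm your password",
    "re-enter your credentials",
    "log in here",
)


def is_official_host(host: str) -> bool:
    """True only if host is an official domain or a subdomain of one.

    The comparison is on label boundaries, never a substring check, so
    'x.com.evil.test' is rejected while 'help.x.com' is accepted.
    """
    host = host.lower().rstrip(".")
    return any(host == o or host.endswith("." + o) for o in OFFICIAL_HOSTS)


def extract_hosts(text: str) -> list:
    """Return the hostnames of all http(s) URLs found in the message."""
    hosts = []
    for url in URL_RE.findall(text):
        hostname = urlparse(url).hostname
        if hostname:
            hosts.append(hostname)
    return hosts


def assess_message(text: str) -> dict:
    """Describe why a DM or email looks like an account-takeover lure."""
    lowered = text.lower()
    hosts = extract_hosts(text)
    off_platform = [h for h in hosts if not is_official_host(h)]
    lures = [p for p in LURE_PHRASES if p in lowered]
    claims_support = "x support" in lowered or "twitter support" in lowered
    return {
        "hosts": hosts,
        "off_platform_hosts": off_platform,
        "lure_phrases": lures,
        "claims_support": claims_support,
        # A link away from the platform is only alarming when paired with
        # support branding or a request for credentials.
        "suspicious": bool(off_platform) and (bool(lures) or claims_support),
    }


# Constructed sample messages for demonstration.
LURE_DM = (
    "X Support: your account has a policy violation. "
    "Re-enter your credentials here: https://x.com.account-verify.example/login"
)
BENIGN_DM = "Useful reading on account safety: https://help.x.com/en/safety-and-security"

if __name__ == "__main__":
    for msg in (LURE_DM, BENIGN_DM):
        print(assess_message(msg))
```

The check is deliberately conservative: a single off-platform link in a friend's message is not flagged on its own, because legitimate DMs carry outside links all the time. What distinguishes the takeover lure is the combination of support impersonation, urgency wording and a login page that is not hosted on the platform.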
Common red flags
- DM or email from 'X support' requesting login credentials or directing to a login page
- Unexpected notification that account settings or recovery details changed
- Followers report seeing posts from your account that you did not make
- Login attempts from unrecognised locations visible in account security settings
- Access suddenly denied despite using the correct password
How to protect yourself
- Enable two-factor authentication on your X account
- Regularly review and revoke third-party app access in account settings
- Access X only through the official app or website, not through links in messages
- Use a unique, strong password for your X account
- If your account is compromised, use X's account-recovery process immediately and notify your followers
How to report it
- Use X's official account-compromise recovery process at the help centre
- Report the compromised account's fraudulent posts to X
- Report to your national cyber authority if large-scale fraud was posted from your account
Frequently asked questions
How do I review which apps have access to my X account?
Go to X Settings > Security and Account Access > Apps and Sessions > Connected Apps. Review the list and revoke access for any app you no longer use or do not recognise.