Phishing Scams on X/Twitter: Fake Verification and Crypto Drainers
Phishing attacks on X/Twitter target users with fake account verification requests, impersonated customer support accounts, and malicious links disguised as airdrop claims that drain connected crypto wallets.
Last reviewed: 1 June 2026
X/Twitter's public, open structure allows scammers to reply to viral posts, impersonate official accounts with slight name variations, and buy promoted placements that appear to be from verified organisations. Phishing on the platform takes advantage of users' trust in accounts displaying verification badges, which can be obtained through paid subscriptions rather than identity verification.
The platform's crypto-friendly audience makes it particularly attractive to wallet-draining phishing attacks, where a single successful victim can lose their entire crypto portfolio in seconds.
How this scam works on X/Twitter
A common tactic involves replying to a high-profile account's post with a message like 'Your account has been reported — click here to appeal.' The link leads to a fake X login page that harvests credentials. Because the reply appears in a thread the user is already reading, it looks contextually relevant.
Airdrop phishing posts promise free tokens to users who connect their wallet to a site reached via a link in the post. The site presents a malicious smart contract approval which, once signed, gives the attacker permission to drain all tokens from the connected wallet.
Fake support accounts with names like '@XSupportHelp' or '@TwitterHelpDesk' reply to users who publicly complain about account issues, offering direct-message assistance that leads to credential harvesting.
Common red flags
- Reply from an account impersonating X/Twitter support asking you to click an external link
- Airdrop or free token offer requiring you to connect a crypto wallet to an external site
- Account suspension threat with an 'appeal' link that points to a non-x.com domain
- Promoted post from an account with a near-identical name to a well-known brand
- X account requesting your seed phrase or wallet private key for any reason
- Link shorteners or redirect chains that obscure the true destination URL
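The link-related red flags above can be checked mechanically before a link is opened. The following is an added example, not part of the original page: a small Python triage function that works on the parsed hostname rather than on how the link looks. The function name, the labels it returns, the shortener list and the sample URLs are all constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "x.com"                       # the only domain the page treats as genuine
SHORTENERS = {"t.co", "bit.ly", "tinyurl.com"}  # constructed sample list, not exhaustive


def classify_link(url: str) -> str:
    """Return a triage label for a link found in a reply, DM or promoted post."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "invalid"
    # "https://x.com@other.example/" goes to other.example: the text before
    # "@" is userinfo, not the host.
    if parts.username is not None:
        return "deceptive-userinfo"
    # Exact match or a true subdomain only; "fax.com" must not pass.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    if host in SHORTENERS:
        return "shortener"  # destination is hidden until the redirect resolves
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    # "x.com.appeal.example" shows the real name first, but the registered
    # domain is the part on the right.
    if host.startswith(OFFICIAL_DOMAIN + ".") or "." + OFFICIAL_DOMAIN + "." in host:
        return "lookalike"
    return "external"


# Constructed sample links; every non-official domain uses the reserved .example TLD.
SAMPLE_LINKS = [
    "https://x.com/settings",
    "x.com.account-appeal.example/login",
    "https://x.com@account-appeal.example/appeal",
    "https://bit.ly/3constructed",
    "https://airdrop-claim.example/connect",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):20} {link}")
```

Only the "official" label means the link stays on x.com; a "shortener" result still needs the final destination resolved and checked the same way.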
How to protect yourself
- Access your X account settings only through x.com directly, never via linked external pages
- Never connect a crypto wallet to a site accessed via a social media link without thorough independent research
- Enable two-factor authentication on your X account using an authenticator app
- Verify support account usernames against X's official @support account before engaging
- Use a hardware wallet for significant crypto holdings to prevent drainer contract approvals
- Bookmark x.com/settings and access account management only from that bookmark
How to report it
- Report phishing accounts on X using the three-dot menu on the post or profile: 'Report' > 'Spam or harmful links'
- Report phishing sites to the Anti-Phishing Working Group at [email protected]
- File a report with the IC3 at ic3.gov if cryptocurrency has been stolen
Frequently asked questions
Does X/Twitter verify the identity of accounts with checkmarks?
Since 2023, X has offered a paid 'X Premium' subscription that grants a gold or blue checkmark without verifying the account's real-world identity. Scammers can purchase these, so a checkmark alone no longer guarantees an account is who it claims to be. Always verify by checking account history, follower quality, and independent sources.