Technology
Technology | The Guardian

‘We noticed a login from a new device’: the message from fraudsters targeting your X account

Source Entity

Samuel Gibbs Consumer technology editor

July 19, 2026
‘We noticed a login from a new device’: the message from fraudsters targeting your X account

Fraudsters are exploiting X's security notifications by sending phishing emails that mimic legitimate account alerts. Users are urged to verify the sender's address and avoid clicking links within suspicious emails to prevent credential theft.

The Evolution of Phishing: Exploiting Trust in X Security Alerts

In the digital age, cybersecurity threats have become increasingly sophisticated, often leveraging the very tools designed to protect us. A growing trend involves fraudulent actors mimicking the security notification emails sent by the social media platform X (formerly Twitter). These attackers capitalize on the user's immediate sense of urgency triggered by a notification about an unauthorized login attempt from a distant location, such as Arizona, when the user resides in a city like London.

The Anatomy of the Deception

The fraudulent emails are meticulously crafted to mirror legitimate security alerts. By claiming a login from a "Firefox Desktop on Mac" or similar generic configurations, the scammers create a narrative of a compromised account. These messages often include instructions that appear sound, such as advising the user to reset their password or review third-party app permissions. By mimicking the tone and structure of official X correspondence, attackers lower the victim's guard, making them more likely to interact with malicious links.

The Peril of Malicious Links

While the advice provided in these emails—such as logging out of active sessions or revoking unfamiliar app access—is technically sound security practice, the danger lies in the delivery mechanism. The links embedded within these phishing emails are designed to redirect users to malicious websites that harvest login credentials or install malware. Even if the email appears to come from a verified-looking source, clicking a link inside an unsolicited security warning is a primary vector for account takeover.

Psychological Manipulation and Urgency

The effectiveness of this scam relies heavily on psychological manipulation. By triggering a 'fight-or-flight' response regarding the safety of one's digital identity, the fraudsters compel the user to act quickly without verifying the source of the communication. This sense of urgency is a hallmark of social engineering; once the victim clicks the link, the illusion of security is shattered, and the attacker gains the upper hand in compromising the account.

Best Practices for Digital Defense

To mitigate these risks, users must adopt a 'zero-trust' approach to security notifications. Rather than clicking links provided in emails, it is safer to navigate directly to the official X website or mobile application by typing the URL manually into a browser. Furthermore, users should enable multi-factor authentication (MFA) and regularly audit their connected apps via the official account settings menu. By moving away from email-based interaction, users can effectively neutralize the threat posed by these sophisticated phishing campaigns.

Verification Required?

Read the full report from the primary source

Go to Technology | The Guardian