Phishing Campaign Targets High-Profile X Accounts
An active, one-click phishing campaign is targeting the X accounts of high-profile individuals — including journalists, political figures, and even an X employee — to hijack and exploit them to commit cryptocurrency fraud.
Researchers Uncover the Campaign
Researchers at SentinelLabs uncovered the campaign and described it in a recent post. They said it appears to be most prominent on X but is not limited to a single social media platform.
The Cryptocurrency Landscape and Phishing
The cryptocurrency landscape offers financially motivated threat actors multiple opportunities for profit and fraud, according to the researchers. While marketing for coins and tokens has long been irreverent and meme-driven, recent developments have further blurred the line between legitimate projects and scams.
Protecting Your X Account
To protect an X account, the researchers recommended the obvious: users should maintain good password hygiene by using a unique password, enabling two-factor authentication (2FA), and avoiding credential sharing with third-party services.
Be Cautious of Phishing Messages
People should also be especially wary of messages containing links to account alerts or security notices, and always verify URLs before clicking on them. If an account does need a password reset for security purposes, the reset should be initiated only directly through the official website or app rather than through an unsolicited link, the researchers advised.