‘We noticed a login from a new device’: the message from fraudsters targeting your X account
Fraudsters are sending fake "new device login" emails to X (formerly Twitter) users, closely mimicking the platform's genuine security notifications in an attempt to steal account credentials. The emails warn of a login from an unfamiliar location and device, then urge recipients to click links to reset their password or review connected apps – but these links lead to fraudulent sites designed to harvest login details or trick users into granting scammers direct access. Once inside an account, criminals typically use it to launch further scams, including cryptocurrency fraud, phishing campaigns and misinformation.
The fake emails closely replicate X's branding, layout and wording, though subtle clues can expose them, such as missing account handles, vague location details, or a sender address that isn't @X.com or @e.X.com. Cybersecurity adviser Jake Moore of ESET recommends not clicking links in such emails and instead checking account security directly within the genuine X app; anyone who has entered a password or one-time code on an unverified page should change their password immediately and ensure two-factor authentication is enabled.
- Scam emails mimic X's login-alert notifications to steal passwords.
- Fake links lead to sites harvesting credentials or account access.
- Verify sender domain, avoid links, enable two-factor authentication.