Slow Fog Cosine: Beware of Phishing Email Attacks Disguised as X Login Notifications

ChainCatcher message, Slow Mist Cosine posted a warning on X, indicating a recent surge in phishing email attacks targeting X users. The subject of the attack emails is "New login to X From XXX," which can bypass Gmail's spam filter.

Attackers forge account abnormal login notifications to guide users to click on links such as "Change your password" or "Review the apps," which actually redirect to X's third-party application authorization page. Once users authorize, attackers can gain tweet posting and forwarding permissions, thereby manipulating the user's account to post content without their knowledge.

Users need to be highly vigilant about such emails, avoid trusting abnormal login alerts, and refrain from clicking on email links or authorizing unknown applications.