While X, the social media platform formerly known as Twitter, has only about 600 million active monthly users, compared with Facebook’s 3 billion, that doesn’t mean they aren’t on the radar of cybercriminals. The latest account-compromising attack warning takes the familiar shape of a so-called warning from the platform itself, this one urging users to take action after a supposed breach of community guidelines that threatens to impose restrictions on the account in question. This type of content warning attack isn’t new, and certainly not limited to just the X service by any means, but X users are recommended to take it seriously, as doing otherwise could see your account hacked and your content in the hands of the attacker. Luckily, it’s not the most sophisticated of campaigns I have seen, and there are plenty of red flags warning that all is not as it seems. Here’s what you need to know.

The X Community Guidelines Warning Attack Explained

There can be no doubt that social media platforms are attractive to would-be hackers, and the likes of Facebook with billions of active users are at the top of the targeting tree. Already this month, I have posted a warning about a free Facebook blue verification badge attack against its users. When it comes to X, however, the lure of high-profile celebrity, political and media accounts comes into play despite only having 20% of the active users of Facebook. And it is one such, relatively speaking, high-profile user that has issued the latest warning after being on the receiving end of this account compromise attack attempt.

Dan Neidle, the founder of Tax Policy Associates Ltd and well known for his investigations into financial shenanigans, has a none too shabby 182,000 followers on X. It is an account that could prove valuable to a successful attacker in many ways, from potential reach for spreading scams to attacks on equally high-profile followers of the account. On May 1, Neidle posted a “Quick warning about a fairly sophisticated phishing attack that's being used to steal X accounts.” I will take issue with the sophisticated label, and more of that in a moment, but his posting is quite correct in the need to bring this particular phishing campaign to the attention of as many X users as possible. If you are distracted by pressures of time or work, or just get caught off guard during a time of stress, a click or two is all it would take for you to lose access to your social media account.

The message from X in question came by email, and not from X, of course. Claiming that “A content regarding X Community Guidelines has been breached on you page,” the first red flag is immediately apparent: just look at that grammar. There is no way that an official support communication from a professional organization would make those errors. Frankly, in this age of AI-created phishing campaigns , I’m pretty shocked that people are still sending this poorly constructed rubbish.

However, if you somehow managed to miss this attack giveaway, along with the fact that the sending address is a poorly executed attempt at impersonating an X.com domain, then you might be worried enough by the claim that you need to take action: “If you wish to contest this outcome, you may submit a request for further review,” and hit the big take action button. If so, then things become a lot more professional and take the form of a page explaining the content violations, and explaining that these include:

• Unauthorized use of copyrighted material • Removal or alteration of watermarks and attribution • Distribution of protected content without proper authorization

All quite worrying, and quite believable to be honest. Then there’s the warning that: “Failure to take action within 24 hours will result in permanent suspension of your account, including all content, followers, and account history.”

Of course, taking action requires confirmation that you are the account holder, which, in turn, means entering your password. Bazinga.

The X Help Center recommends: ”If you receive a fake email, delete it from your inbox. Don’t download any attachments from these emails.” And don’t click any links either. X said, “Please know that X will never send emails with attachments or request your X password by email.” To which I would add that you should ensure you switch to using an X passkey rather than a password, as this provides additional security against such password-harvesting attacks. You can find out how to do this here .