X (Twitter) Scams: Impersonation and Verification Fraud
When X (formerly Twitter) replaced legacy verification with a paid subscription model, it created the largest impersonation vulnerability in social media history. Anyone willing to pay $8/month could get a blue checkmark — the same symbol that previously indicated identity verification. Scammers immediately exploited this, and the problem persists in 2026.
Paid Checkmark Impersonation
Scammers purchase X Premium, set their display name and profile picture to match a well-known person or brand, and post scam content that appears to come from a verified, legitimate source. An account named "Coinbase" with a blue checkmark posting about a crypto giveaway looks real to most users.
"To celebrate reaching 100M users, we're giving 5,000 BTC to our community. First come, first served. Visit coinbase-celebrate.com to claim your share." — Fake Coinbase account with a purchased blue checkmark.
The gold checkmark (for organizations) provides somewhat better identity assurance, but blue checkmarks on individual accounts no longer indicate that the person is who they claim to be.
Reply Bot Swarms
Under any popular tweet — especially those from crypto figures, tech leaders, or financial personalities — bot accounts flood the replies with scam promotions. They use the original poster's profile picture and a slightly modified name to appear as official follow-up comments:
"Replying to myself: I'm also running a special event today. Check the link in my bio for details." — Bot reply under a legitimate Elon Musk tweet, using Musk's profile picture.
These replies are often the first thing users see because coordinated liking from other bot accounts boosts their visibility.
Think it might be a scam?
Paste it here for a free, instant verdict.
Free · No signup required · Cmd+Enter to scan
DM Phishing
Direct messages claiming your account will be suspended, you have won a prize, or someone has reported you — all containing links to fake X login pages. The messages may appear to come from "@XSupport" or "@XVerification" — accounts that mimic official X communication.
X's actual support does not contact users through DMs requesting login credentials. Official communications appear in the X app through notifications, not direct messages from random accounts.
Fake Airdrop and Giveaway Promotions
Tweets and threads promote cryptocurrency airdrops, NFT mints, or cash giveaways. The links lead to wallet-draining smart contracts or credential-harvesting pages. These campaigns often use quoted tweets from real accounts to appear connected to legitimate figures.
Investment Scam Threads
Long threads share supposed "alpha" — insider information about stocks, crypto, or forex. The thread builds credibility with accurate-sounding analysis, then directs followers to a trading platform (fake), a paid group (scam), or a token (pump-and-dump). Quote-tweet engagement from bot networks makes these threads appear popular.
Account Recovery Scams
Users who tweet about being locked out of accounts receive replies from accounts posing as "X Support Representatives" offering to help. The "help" involves providing your email, phone number, and password, or paying a fee for "expedited account recovery."
Influencer Sponsorship Scams
Accounts with purchased followers and engagement (likes and retweets from bot farms) appear to be legitimate influencers. They promote products — typically dropshipped items, fake investment platforms, or counterfeit goods — to their "audience." Brands that partner with these fake influencers waste marketing budgets; followers who buy promoted products get scammed.
How to Stay Safe on X
Verify account identity beyond the checkmark. Check follower count, account age, post history, and whether other verified accounts follow or interact with the account. A blue checkmark alone proves nothing about identity.
Ignore crypto giveaways. No legitimate company or individual gives away cryptocurrency through X posts. Every single one is a scam.
Do not click links in DMs from unknown accounts. If you receive a DM claiming to be from X Support, it is not. Block and report.
Be skeptical of reply engagement. The first reply under a popular tweet is frequently a bot. Do not click links in replies, even if they appear to come from the original poster.
Enable two-factor authentication. Go to Settings > Security and account access > Two-factor authentication. Use an authenticator app for the strongest protection.
Report impersonation. Use X's reporting flow (three-dot menu > Report > Impersonation) to flag fake accounts. Volume of reports affects takedown speed.
Paste suspicious X links, profiles, or messages into IsThisAScam to check for known scam patterns before engaging.
Received something suspicious? Check it now for free →