X, owned by Elon Musk, to implement a scam prevention feature that auto-locks accounts of first-time cryptocurrency mentioners.


The action is a response to a surge of phishing assaults utilizing counterfeit copyright emails and represents the latest effort to eliminate crypto-related scams on the platform.

(Julian/Unsplash/Modified by CoinDesk)

What to know:

  • X will automatically lock accounts that discuss cryptocurrency for the first time to mitigate scam activities, as stated by its Head of Product Nikita Bier.
  • This action is a direct response to an influx of phishing attempts that utilize fraudulent copyright emails and is part of a broader effort to eradicate crypto-related scams on the platform.
  • Bier criticized Google for permitting phishing emails to bypass Gmail, thereby failing to safeguard its users.

The social media platform X is implementing a new security protocol designed to combat a prevalent type of crypto phishing that exploits compromised accounts to advertise scam tokens.

According to Nikita Bier, the company’s Head of Product, any account that mentions cryptocurrency for the first time will soon be auto-locked. Users must complete additional verification steps before they can post again.
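As an added illustration, not X's own code (the platform's real classifier, term list and verification flow are not public), the following models the policy described above: per-account tracking of whether cryptocurrency has been mentioned before, an automatic lock on the first such mention, and step-up verification before the account may post again.

```python
import re
from dataclasses import dataclass

# Constructed keyword list for the demo; X's actual matching logic is not public.
CRYPTO_TERMS = re.compile(
    r"\b(bitcoin|btc|ethereum|eth|crypto|airdrop|memecoin|token|solana)\b", re.I
)


@dataclass
class Account:
    handle: str
    mentioned_crypto_before: bool = False  # established crypto posters are not re-locked
    locked: bool = False
    pending_verification: bool = False


class FirstMentionGate:
    """Locks an account on its first crypto mention until step-up verification passes."""

    def __init__(self):
        self.accounts = {}

    def _get(self, handle):
        return self.accounts.setdefault(handle, Account(handle))

    def submit_post(self, handle, text):
        acct = self._get(handle)
        if acct.locked:
            return "rejected_locked"  # nothing posts until verification completes
        if CRYPTO_TERMS.search(text) and not acct.mentioned_crypto_before:
            # Assumption: the triggering post is held, not published, while locked.
            acct.locked = True
            acct.pending_verification = True
            return "locked_pending_verification"
        return "posted"  # non-crypto text, or an account with prior crypto history

    def complete_verification(self, handle):
        acct = self._get(handle)
        if not acct.pending_verification:
            return False
        acct.pending_verification = False
        acct.locked = False
        acct.mentioned_crypto_before = True  # later mentions pass without a lock
        return True


def run_feed(gate, events):
    """Apply the gate to a sequence of (handle, text) posts; returns the decisions."""
    return [(handle, gate.submit_post(handle, text)) for handle, text in events]
```

Note the control's scope: an account that has already posted about cryptocurrency before being hijacked is not protected by this rule, so it complements rather than replaces credential and session safeguards.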

Bier indicated that this feature targets the fundamental motivation behind these attacks. “This should eliminate 99% of the incentive,” he stated, referring to the ongoing phishing campaigns that trick users into revealing their credentials and then use their accounts to promote .

The modification was introduced following a detailed personal account from an X user who lost access to their account after falling for a phishing email masquerading as a copyright violation notice.

The user reported that the attacker employed a meticulously crafted fake login page to collect two-factor codes, subsequently locking the user out and starting to endorse fraudulent crypto projects from their account.

Crypto scams on X

Such attacks have long been prevalent on X, dating back to before Elon Musk acquired it, when the platform was still called Twitter.

A frequent method is the “double your money” scam, where users are instructed to send cryptocurrency in exchange for a promise of a return. Others promote counterfeit memecoins or deceptive airdrops, often utilizing hijacked accounts to enhance legitimacy.

Impersonation remains one of the most effective tactics. Spoofed accounts mimicking prominent figures have repeatedly deceived followers into clicking harmful links that resemble authentic crypto platforms.

Cryptocurrency transactions cannot be reversed, meaning that once a user falls victim to such an attack, their funds are irretrievable.

The most notorious case occurred in 2020 when hackers gained access to Twitter’s internal systems and took control of significant accounts, including those of Apple, Barack Obama, and Elon Musk.

They utilized these accounts to promote a fraudulent bitcoin giveaway, garnering over $100,000 before the posts were deleted. This breach, executed through social engineering against Twitter employees, resulted in the hacker receiving a five-year prison sentence.

X has made multiple attempts to enhance security measures. These initiatives have included bot removals, API limitations, and behavioral analysis. The recent initiative to auto-lock accounts that mention cryptocurrency for the first time builds upon these efforts, aiming to eliminate the tactic at its source by rendering hijacked accounts ineffective for scams.

Bier also criticized Google for its inability to block phishing emails at the source, attributing part of the responsibility for not protecting users from phishing attempts to the tech giant.