SNEAKY “X POLICY” PHISHING SCAM EXPOSED
One of the Most Convincing Phishing Attempts Yet!
A new phishing campaign is making the rounds, targeting X users by pretending to be a policy violation notice. Even tech-savvy users nearly fell for it.
Here’s How It Works:
You receive a fake email claiming your X account has violated policy.
The message looks professional and mimics X’s official style.
It prompts you to click “Review Details” to avoid suspension.
You’re taken to a legit-looking login screen that asks you to grant access by clicking "Authorize App".
If you authorize, the attacker can post, repost, and stay connected to your account indefinitely.
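The authorization step leaves a connected app on the account, so a review of connected apps is where this can be caught. The following is an added example, not part of the original post: it flags third-party apps whose name imitates an official notice (such as the "X Policy Agreement" app named in the replies) and that hold write or long-lived access. The record fields, the `first_party` flag and the sample data are constructed for illustration; the scope names are X API OAuth 2.0 scopes.

```python
import re

# Heuristic (an assumption of this example): a third-party app whose name
# combines the platform brand with "official notice" wording is suspicious.
BRAND = re.compile(r"\b(x|twitter)\b", re.I)
OFFICIAL_WORDS = re.compile(
    r"\b(policy|agreement|support|security|verification|compliance|safety)\b", re.I
)
# Scopes that let an app act on the account rather than only read it.
WRITE_SCOPES = {"tweet.write", "like.write", "follows.write", "dm.write"}
# offline.access issues refresh tokens, so access lasts until it is revoked.
PERSISTENT_SCOPE = "offline.access"

# Constructed sample of connected-app records (hypothetical field names).
SAMPLE_APPS = [
    {"name": "X Policy Agreement", "first_party": False,
     "scopes": ["tweet.read", "tweet.write", "users.read", "offline.access"]},
    {"name": "Analytics for X", "first_party": False,
     "scopes": ["tweet.read", "users.read"]},
    {"name": "Post Scheduler", "first_party": False,
     "scopes": ["tweet.read", "tweet.write", "offline.access"]},
]

def review_app(app):
    """Summarise the risk signals for one connected app."""
    scopes = set(app["scopes"])
    name = app["name"]
    return {
        "impersonates_platform": bool(
            not app["first_party"]
            and BRAND.search(name)
            and OFFICIAL_WORDS.search(name)
        ),
        "write_scopes": sorted(scopes & WRITE_SCOPES),
        "persistent": PERSISTENT_SCOPE in scopes,
    }

def apps_to_revoke(apps):
    """Names of apps that imitate the platform AND can write or persist."""
    flagged = []
    for app in apps:
        r = review_app(app)
        if r["impersonates_platform"] and (r["write_scopes"] or r["persistent"]):
            flagged.append(app["name"])
    return flagged

if __name__ == "__main__":
    for name in apps_to_revoke(SAMPLE_APPS):
        print("Revoke and review:", name)
```

Changing the password does not remove a connected app; access ends only when the app is revoked in the account's connected-apps settings.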
Probably one of the most clever phishing campaigns I’ve ever been targeted by. Almost fell for it.
— Nikita Bier (@nikitabier)
3:21 AM • Apr 6, 2025
X Users Shocked by How Legit It Looks!
I mean, why would you need to install an app for a Policy Agreement, kinda weird. Otherwise pretty sophisticated though, language is good, believable.
— Tech Interloper (@tech_interloper)
2:21 PM • Apr 6, 2025
Wow, that’s incredibly deceptive! Thanks for sharing—this is a great heads-up for everyone. I’ve seen similar phishing attempts lately, and it’s scary how polished they’re getting. Did you report the domain to X? Also, for anyone reading, double-check those email senders and
— Playpal001 (@playpal001)
1:28 PM • Apr 6, 2025
these scammers got better ux than half the legit dapps out there. terrifying.
— TheJordude (@TheJordude)
6:49 AM • Apr 6, 2025
Users demand X to do better!
Wow this is a horrible look for the X team .. Phishers have API/oAuth access for an app called “X Policy Agreement”.
— Jack (he/him) (@jackfromohio)
2:23 PM • Apr 6, 2025
@X should probably be looking for linked apps named after itself. Hopefully they already are and this is a fresh one.
— Botzero (@botzero_net)
2:58 PM • Apr 6, 2025
Phishing Scams Are Still Out There—Stay Safe!