Twitter fake login page detected

This screenshot shows a phishing page impersonating Twitter (now X), designed to steal login credentials (email/phone/username and password). The page is hosted on a suspicious domain unrelated to Twitter.


Threat Analysis: Twitter Phishing – Credential Harvesting

How it works:
The victim receives a phishing email, SMS, or direct message claiming a security alert, account suspension, or unusual login activity. The link leads to this fake Twitter login page. The victim enters their phone, email, or username and password, then clicks “Login.” The credentials are captured and sent to the attacker.

The goal:
The attacker steals Twitter account credentials to:

  • Access private messages and personal information
  • Post spam or malicious links from a trusted account
  • Spread the phishing attack to the victim’s followers
  • Use the same email/password combination to compromise other accounts (if credentials are reused)

Red flags to watch for:

  • Suspicious URL: The page is hosted on obgyn.click, not twitter.com or x.com. Legitimate Twitter login pages are only on official domains.
  • Generic design: The page mimics Twitter’s interface but lacks the full security indicators (e.g., proper SSL certificate, official footer links).
  • Unsolicited login request: Twitter does not send links requiring users to log in to resolve account issues.
  • No two‑factor authentication prompt: A real login page may ask for a second factor after credentials; this page does not.

What to do if you encounter this:

  • Do not enter your login credentials.
  • If you have already entered them, change your Twitter password immediately and enable two‑factor authentication (2FA). Also change the password on any other accounts that use the same password.
  • Always access Twitter by typing twitter.com or x.com directly into your browser.

Protective measures:

  • Bookmark the official Twitter login page and use that bookmark.
  • Use a password manager – it will not autofill on fake domains.
  • Enable two‑factor authentication on your Twitter account (using an authenticator app or security key, not SMS).
  • Be suspicious of any unsolicited message that asks you to log in.
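
The "Suspicious URL" red flag and the password-manager point above both come down to matching the exact hostname rather than looking for "twitter" somewhere in the link. The following is an added example, not part of the original page, of how a mail filter or link checker could apply that test. The function names and the sample URLs are constructed for illustration, and treating every subdomain of the two official domains as official is an assumption.

```python
from typing import Optional
from urllib.parse import urlsplit

# Official login domains as named on this page.
OFFICIAL_DOMAINS = ("twitter.com", "x.com")


def https_host(url: str) -> Optional[str]:
    """Return the normalised hostname of an https:// URL, None otherwise."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any "user@" prefix and the port
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return None
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".").lower()


def is_official_login_url(url: str) -> bool:
    """True only if the host is an official domain or a subdomain of one."""
    host = https_host(url)
    if host is None:
        return False
    # Compare whole DNS labels: "nottwitter.com" must not match "twitter.com".
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


# Constructed sample links; only obgyn.click comes from the page.
SAMPLE_URLS = [
    "https://twitter.com/login",
    "https://X.COM./login",                  # case and trailing dot normalised
    "https://obgyn.click/",                  # the domain reported on this page
    "https://twitter.com.example.net/login", # official name used as a subdomain
    "https://twitter.com@example.net/login", # official name in the userinfo part
    "https://nottwitter.com/login",          # suffix match without a label boundary
    "http://twitter.com/login",              # not HTTPS
]


def check_samples() -> dict:
    """Map each sample URL to the verdict of is_official_login_url."""
    return {url: is_official_login_url(url) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for url, ok in check_samples().items():
        print("official  " if ok else "SUSPICIOUS", url)
```
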
