
Twitter DM scam: X users hacked via fake links from mutuals, what happened and how to stay safe – Read details

Users are receiving DMs from mutuals asking for votes in influencer programmes. The links lead to fake login pages where credentials are stolen and accounts are quickly taken over and misused.

An X user received a direct message (DM) from a mutual seeking support in the form of a vote for an influencer programme or a competition. The user, who believed the message was from the mutual, clicked on the link in good faith. Within seconds, his account was hacked, his email ID was changed and his profile was now full of posts related to crypto. In the next few hours, his mutuals were getting similar DMs from his account.

This is not fiction but one of the most common scams happening on X, formerly known as Twitter, for years, and now it is once again affecting users. Several famous handles including Ramprasad_c, NAN_DINI_, and others fell prey to the hack.

X user Mohan Sinha, one of the friends of Nandini on X, shared a message from her yesterday stating that she received a DM from a follower seeking a vote for him on a website. Initially, she ignored it for a couple of days. However, the follower then followed up and said that he was just a few votes short.

While this could have been seen as a red flag, she clicked on the link. She was immediately logged out of X and the moment she entered her password, the account was gone.

Soon after, a suspicious X account coach_hannahrae was being promoted on her timeline with some crypto links. While those posts have been removed from her profile now, it is unclear if she has regained access to her account or not. Nandini is not alone. There are many such X users who received similar DMs, and they accidentally clicked on the link and lost their accounts within seconds.

In the comments under the post from Mohan, several X users said they received similar DMs and some also shared screenshots of the posts published after the hack.

What is happening

This is a phishing scam that is circulating on X. This is not a new scam and versions of this have been around for years, not only on X but on other platforms like Facebook, WhatsApp, and Instagram as well.

In such scams, users receive a DM from a mutual asking for some help. It could be anything, including a vote, support or sharing a page. In this case, the DM is about a vote for an influencer programme. The message appears authentic because it is from a known contact, someone you have either interacted with or at least follow and are followed by.

However, the account sending you the message is already compromised. Clicking on such a link starts a chain reaction that spreads to your contacts on social media because once your account is compromised, they will get a similar message from the scammer pretending to be you.

Note that clicking on the link in the DM does not get your account hacked automatically. It takes you to a fake login page that looks like X. When users enter their username and password, the credentials are captured instantly. Within seconds, hackers, who have been waiting for someone to fall for the scam, get hold of the account, change the registered email ID and password and lock the original user out.

The compromised account is then used to run a similar scam and post content promoting cryptocurrency or some other scam. Because the account is credible for the followers, many of them click on the links in the post and may face financial losses.

How to be safe

Users should treat unsolicited DMs, especially those asking them to vote or click on a link, even if it is from a mutual, with caution. Never click on such links directly. Confirm with the sender through another platform or ask a question that only they can answer.

Make sure to check the URL before logging in. When you click on a link in the DM, you are not logged out from your X account. In most cases, you are taken to a page that looks exactly like the X login page. Close the page and open X’s official link. Only then enter your credentials.
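
The URL check described above, as an added example that is not part of the original article: a Python function that decides whether a link's host really belongs to X before any credentials are entered. The allowlist of x.com and twitter.com, the reason labels and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: hosts treated as the genuine X login origin.
OFFICIAL_HOSTS = {"x.com", "twitter.com"}


def classify_login_link(url: str) -> str:
    """Return 'official' or a short reason why the link should not be trusted."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable"
    if parts.scheme != "https":
        return "not-https"
    # "https://x.com@other.example/" really goes to other.example.
    if parts.username is not None:
        return "userinfo-trick"
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "idn-lookalike"
    # Exact match or a true subdomain of an official host.
    if host in OFFICIAL_HOSTS or any(host.endswith("." + h) for h in OFFICIAL_HOSTS):
        return "official"
    # Official name used as a prefix label of someone else's domain.
    if any(host.startswith(h + ".") or f".{h}." in host for h in OFFICIAL_HOSTS):
        return "brand-in-foreign-host"
    return "foreign-host"


# Constructed sample links (not taken from the reported incidents).
SAMPLES = [
    "https://x.com/login",
    "https://mobile.twitter.com/login",
    "https://x.com@vote-influencer.example/login",
    "https://x.com.vote-influencer.example/login",
    "https://\u0445.com/login",  # first letter is Cyrillic, not Latin "x"
    "http://x.com/login",
    "https://vote-influencer.example/x/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_login_link(link):22} {link}")
```
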

Make sure to enable two-factor authentication to add an extra layer of security. Use a unique and strong password for X that is not used on any other platform. Make sure to regularly review active sessions and logged-in devices. Log out from any unknown sessions. If a mutual suddenly sends repetitive promotional messages, assume their account may be compromised.

How to regain access to X account

If you have already lost access to your account, act immediately. First of all, try resetting your password using the official X password recovery option. In case the hacker has changed your email ID, use the “I don’t have access to this email” option and submit the request through X support.


Make sure to provide as much information as you can to verify ownership. It may include previous email IDs, usernames, or linked phone numbers. Check your email for any security alerts from X and use those links to reverse unauthorised changes if still possible.

Make sure that your email account is secure because hackers often target it alongside social media accounts. It may take some time, in some cases several days, to regain access to your account.

Meanwhile, ask for help from mutuals with whom you are in contact on other platforms or on the phone. Request them to post a message on your behalf, tagging you and explaining the situation.

Once you regain access to your account, remove any suspicious posts or DMs sent from your profile. Inform your followers that your account was compromised and advise them not to click on any link sent from your account in the last few days.


Anurag (https://lekhakanurag.com)
Anurag is a Chief Sub Editor at OpIndia with over twenty one years of professional experience, including more than five years in journalism. He is known for deep dive, research driven reporting on national security, terrorism cases, judiciary and governance, backed by RTIs, court records and on-ground evidence. He also writes hard hitting op-eds that challenge distorted narratives. Beyond investigations, he explores history, fiction and visual storytelling. Email: [email protected]
