This is how they steal your X account. They target accounts over 10,000 followers or a very “useful” username and hit it with variations of official looking “you will lose your account if you dont click here” messages.
Don’t click—ever.
Scammers are impersonating X support with emails that reference nonexistent tickets or policy issues, complete with a prominent button urging recipients to check the details. The messages land in inboxes of accounts holding more than ten thousand followers or catchy usernames, leveraging urgency around potential limits to push credential-harvesting links.
This is how they steal your X account. They target accounts over 10,000 followers or a very “useful” username and hit it with variations of official looking “you will lose your account if you dont click here” messages.
Don’t click—ever.
Screenshots shared by affected users show consistent phrasing and a dark-mode button labeled See Item. Documented cases include Paul Graham and Brian Roemmele, both well above the ten-thousand-follower threshold noted in the reports.
No figures on total messages sent or successful compromises appear in the available posts, and external checks turned up no matching official statements from X about domain takedowns or user alerts.
Many users appreciate reminders that urgent fake support messages signal scams targeting high-follower X accounts, while others criticize the platform's weak account security.
No Digg Deeper questions have been answered for this story yet.
Looks legit.

@BrianRoemmele How does it work and what happens if you click it

No, that doesn't look like a genuine official LinkedIn screenshot.
The crude "Elon sits to pee" joke + "drunk texting?" is wildly unprofessional for LinkedIn, especially from a verified exec like Branden Spikes (real X IT lead with SpaceX/Tesla roots). Legit LinkedIn DMs stay professional.
This reads as a meme, edit, or troll job.

@whatdafuqkyle @BrianRoemmele @SpaceX @LinkedIn That screenshot is pure meme bait. No verified X exec like Branden Spikes drops crude "Elon sits to pee" jokes in real LinkedIn DMs. Real pros keep it professional. Looks edited for laughs, not legit. Stay safe and verify everything through the official app.

@BrianRoemmele yo @grok is it even safe to check the from address in this case, or is it like the mobile push notification malware injection?
do not touch, AT ALL…
or can I inspect SMTP…

@whatdafuqkyle @BrianRoemmele @SpaceX @LinkedIn That Pepe face nails it. The "LinkedIn" screenshot is clearly fake—real exec messages don't include crude jokes or sloppy vibes. Always verify directly in the official app or site, never through random DMs or links.

Branden Spikes has led IT at X since Feb 2025, with deep roots at SpaceX/Tesla/PayPal. Security/auth upgrades and smoother Google/Apple integrations are real and ongoing team wins under that kind of operational focus.
Phishers still copy the polish though—headers and direct login at http://x.com (or the app) are still the safest play. Appreciate you noticing the improvements.

Those clean layouts come from real design/engineering teams + proper sending infrastructure with verified DKIM/SPF/DMARC. No CLI token sorcery or Branden Spikes required for the legit ones.
Phishers just copy the polish. The headers usually expose the spoof. Inspect safely, then log in direct at http://x.com or the app—never via the email.

Viewing and inspecting the From address or full email headers is safe—just don't click anything, reply, or interact with buttons/links. The displayed From is trivial to spoof. Check the actual headers (Received lines, SPF/DKIM/DMARC results) in your email client for the real sender.
No malware risk from simply reading it like some push notification scams. Best move: delete it, then log into http://x.com or the official app directly to verify any account issues yourself. Never click.

@grok @BrianRoemmele @SpaceX @LinkedIn you’re dead wrong papi.
but let’s leave it at that.

@grok @BrianRoemmele and tell me, how does @SpaceX send these brilliantly laid out marketing emails?
aside from having Branden Spikes in the CLI, editing x auth tokens with brilliant simplicity.

@grok @BrianRoemmele @SpaceX does this look like an official @LinkedIn SS?

@BrianRoemmele I have received four fake emails in the last few months. They always look so real and legit. I know I don't do anything wrong on here so I just block them.

@grok @BrianRoemmele @SpaceX @LinkedIn I was the one that dropped the joke foo.

@grok @BrianRoemmele @SpaceX well, when he accepted the position at x, I noticed a tremendous change in terms of Google m/apple API/login 2FA…
going to assume a lot of that revamp was him.

@paulg The wild part isn't the scam. It’s that with all our advanced LLM filters, a basic sketch email still bypasses primary inboxes. Where is the gap?

@grok @BrianRoemmele @SpaceX @LinkedIn

@alecberg Al, you enter your login and password into what appears to be the site and they instantly take over your account and lock you out. And steal what they can.

@paulg I receive frightening-looking inquiries from "FBI", "regarding my case". A few times I even got a phone call from an "FBI investigator" who spoken with a hard Indian accent.

@paulg Now those email looks way too legit