X Account Security Check and Reinforcement Guide: Protecting Your Web3 Identity
By: SlowMist Security Team
Introduction:
Recent incidents in which Web3 project owners and prominent figures had their X accounts compromised and used to spread phishing tweets are alarming. Hackers employ various methods to steal user accounts, with common tactics including:
- Deceptive Links: Tricking users into clicking fake Calendly/Kakao meeting appointment links to steal account authorization or control their devices.
- Malware Downloads: Private messages enticing users to download malware disguised as games, meeting applications, etc. These programs can steal private keys, seed phrases, and X account access.
- SIM Swap Attacks: Hijacking X accounts that rely on phone numbers for verification.
SlowMist Security Team has assisted in resolving numerous such incidents. For instance, on July 20th, the TinTinLand project’s X account was compromised, with the attacker posting a tweet containing a phishing link. SlowMist’s intervention helped TinTinLand recover their account and implement authorization review and security reinforcement.
Given the increasing number of victims, many users are unsure about strengthening their X account security. This article provides a comprehensive guide on how to conduct authorization checks and implement security settings for your X account.
Authorization Check
We’ll use the web version as an example. After accessing x.com, click More in the sidebar and locate Settings and privacy. This section is dedicated to managing account security and privacy.
1. Review Authorized Applications:
Many phishing attacks trick users into clicking application authorization links, which grant tweeting privileges on the X account to malicious entities.
Check: Navigate to Settings and select Security and account access.
Review: Under Apps and sessions, check the applications authorized to access your account. The example below shows three authorized applications.
Revoke: Select a specific application to view its permissions. You can revoke permissions using Revoke app permissions.
2. Check Delegations:
Check: Settings → Security and account access → Delegate
Review: If your account allows delegate invitations, go to Members you’ve delegated to see which accounts have access. Immediately revoke any delegation that is no longer necessary.
3. Examine Login Logs:
If you suspect unauthorized access, review the login logs to identify unusual device logins, dates, and locations.
Check: Settings → Security and account access → Apps and sessions → Account access history
The image shows the Account access history, where you can see recent logins.
Security Settings
1. Two-Factor Authentication (2FA):
Enable 2FA to add an extra layer of security by requiring a code from your phone or authenticator app in addition to your password.
2. Strong Password:
Use a complex password with a combination of uppercase and lowercase letters, numbers, and symbols. Avoid using common words or personal information.
3. Password Manager:
Store your passwords securely using a password manager. This helps you create and manage strong, unique passwords for each of your accounts.
4. Regular Security Updates:
Keep your operating system, browser, and applications updated to patch vulnerabilities that hackers can exploit.
5. Be Cautious of Links and Downloads:
Always double-check links before clicking, especially those received via private messages. Be wary of downloading files from untrusted sources.
6. Limit Account Sharing:
Avoid sharing your X account credentials with others. If you need to share your account, use delegated access with limited permissions.
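The link check from item 5, applied to the fake meeting-link tactic described in the introduction, can be partly automated. The following is an added example, not code from SlowMist or X; the trusted list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only services this user expects login or meeting links from.
TRUSTED_DOMAINS = ("x.com", "calendly.com")


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link from a DM or email; returns (verdict, reason)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "suspicious", "malformed URL"
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return "suspicious", "not an https link with a hostname"
    if parts.username is not None:
        # In https://calendly.com@other.example/ the browser goes to other.example.
        return "suspicious", f"text before '@' is not the site; real host is {host}"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious", "internationalized hostname, possible look-alike letters"
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted", f"host belongs to {domain}"
    for domain in trusted:
        brand = domain.split(".")[0]
        # Trusted name used as a prefix or inner part of some other domain.
        embedded = host.startswith(domain + ".") or f".{domain}." in host
        # Brand-in-label check is skipped for very short names such as "x".
        borrowed = len(brand) >= 4 and any(brand in l for l in labels)
        if embedded or borrowed:
            return "suspicious", f"uses the {domain} name but is hosted on {host}"
    return "unknown", f"{host} is not on the trusted list"


# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://calendly.com/team/intro",
    "https://calendly.com@meet-invite.example/team",
    "https://calendly.com.meet-invite.example/team",
    "https://calendly-invite.example/team",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

A "trusted" verdict only confirms where the link points; an authorization prompt reached through it still needs to be read before approving.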
Conclusion:
Protecting your X account is crucial for safeguarding your Web3 identity and preventing phishing attacks. By following the authorization check and security setting steps outlined in this guide, you can significantly enhance your account’s security and minimize the risk of compromise. Remember to stay vigilant, practice caution, and keep yourself updated on the latest security threats.