From Newsgroup: uk.d-i-y

I have a notification of a suspicious attempt to log into my X account.
From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so doesn't
need changing.

Sound reasonable?

Cheers



Dave R
--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 10 x64

--
This email has been checked for viruses by Avast antivirus software. www.avast.com
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

On 11 Oct 2025 12:52:42 GMT
David <wibble@btinternet.com> wrote:

I have a notification of a suspicious attempt to log into my X
account. From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so
doesn't need changing.

Sound reasonable?

In this case, with a single attempt, I would think so. The report you
received undoubtedly gave you a URL to click to change your password,
and it is possible that this is a phishing attempt to get you to do so
via a site that isn't X. Or it could be genuine, of course.

Most people use either webmail or an email client configured to render
HTML, and in either case the recipient would not routinely see the
actual URL the link leads to. Suspicious people (i.e. people who have suspicions) will hover the mouse over the link on a computer, but I
don't think phones have a similar facility.

If you get repeated tries, this could possibly be a sign that someone
has got hold of a user list stolen from the site in question, in which
case it would be good to change the password in case the list was
accompanied by the password hash database, and a different bad guy has
the means to crack it. It seems that just about nobody is able to keep
their user database secure.

If ever you do decide to change your password, ignore any email links
and login the usual way you do.
--
Joe

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

On 11/10/2025 13:52, David wrote:

I have a notification of a suspicious attempt to log into my X account.
From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so doesn't
need changing.

Sound reasonable?

Cheers

Dave R

If the notification came from an iphone, then it is more likely to be a
scam than not. I would have ignored it.

I do wonder if the notification opened up visibility of what you change
it to. As it failed, there should be no harm done - unless you logged
in with your real password immediately afterwards.

Jim

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

In message <mkv28qFnecjU19@mid.individual.net>, David
<wibble@btinternet.com> writes

I have a notification of a suspicious attempt to log into my X account.
From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so doesn't
need changing.

Sound reasonable?

Cheers

Dave R

I was hit by this one in June LummaC2. It steals all your stored
passwords. Fake captchas etc

<Https://www.pcmag.com/news/microsoft-finds-password-stealing-lumma-malwa re-on-394000-windows-pcs>

Most of my passwords are 2FA or geographically restricted. Someone
tried to order Netflix on my BT Account and I got a few others odd
attempts on Amazon trying to order stuff.

Some one change my e-mail address on X but I got it back

I got this one on my lastpass account yesterday .

Thursday, October 9, 2025 at 10:49 PM EST Location Pocinhos, PB 58150,
BRAZIL IP address 186.232.198.101


Malwarebytes will do a check - worth doing.That's how I sussed it.

<https://www.malwarebytes.com/blog/news/2025/05/lumma-information-stealer -infrastructure-disrupted>

Brian
--
Brian Howie
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

On 11/10/2025 13:52, David wrote:

I have a notification of a suspicious attempt to log into my X account.
From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so doesn't
need changing.

Sound reasonable?

Did the same email give you a link to change your password?
If so you probably would have been directed to a scam site that looks identical to the Twitter password change page. Here they would have
asked for your current and new password.
--
mailto : news {at} admac {dot} myzen {dot} co {dot} uk
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

brian <nospam@b-howie.co.uk> wrote in
news:7iySDbIO8m6oFwuY@b-howie.co.uk:

In message <mkv28qFnecjU19@mid.individual.net>, David <wibble@btinternet.com> writes

I have a notification of a suspicious attempt to log into my X
account. From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so doesn't
need changing.

Sound reasonable?

Cheers

Dave R

I was hit by this one in June LummaC2. It steals all your stored
passwords. Fake captchas etc

<Https://www.pcmag.com/news/microsoft-finds-password-stealing-lumma-mal ware-on-394000-windows-pcs>

I had expected something more sophisticated, the pictured one is so
obviously fake.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

David <wibble@btinternet.com> wrote:

I have a notification of a suspicious attempt to log into my X account.
From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so doesn't
need changing.

Sound reasonable?

Cheers

Dave R

How did this notification come? Via email? Was there a helpful link to
change your password?

If you followed that link yourCOre highly likely to have been scammed. The rCLfailed attemptrCY is just a ruse to make you think that nothing bad had happened when in fact yourCOve just given you current (and possibly next password) to the scammer.

Hopefully you went directly to X and didnrCOt follow an email linkrCa.

Tim
--
Please don't feed the trolls
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

On Sat, 11 Oct 2025 12:52:42 +0000, David wrote:

I have a notification of a suspicious attempt to log into my X account.
From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so doesn't
need changing.

Sound reasonable?

More detail:

The notification was on my X timeline, and also via my registered email address for X.

The wording was familiar - roughly if this was you, fine, if not change
your password.

There were no links to reset my password.

Therefore I am treating it as a genuine notification.
My point is that advice to change my password seems to be pointless in
this case as apparently the log on attempt was unsuccessful.

Cheers



Dave R
--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 10 x64

--
This email has been checked for viruses by Avast antivirus software. www.avast.com
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

On 11/10/2025 13:52, David wrote:

I have a notification of a suspicious attempt to log into my X account.
From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so doesn't
need changing.

Sound reasonable?

Yes, and in fact maybe you got this message because someone *wants* you
to change your password...tinfoil hat time!

Cheers

Dave R

--
For in reason, all government without the consent of the governed is the
very definition of slavery.

Jonathan Swift


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

On 11/10/2025 14:35, Joe wrote:

If ever you do decide to change your password, ignore any email links
and login the usual way you do.

+10001

Evert time the 'bank fraud department' wants me to contact such and such
a site I log into my bank in the *usual* way.

Same as all unsolicited phone calls that don't start with 'is that Mr
xxxx'? are immediately disconnected., If they don't know who I am why
are they calling?
--
For in reason, all government without the consent of the governed is the
very definition of slavery.

Jonathan Swift


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

On 12/10/2025 12:53, David wrote:

The wording was familiar - roughly if this was you, fine, if not change
your password.

There were no links to reset my password.

Therefore I am treating it as a genuine notification.
My point is that advice to change my password seems to be pointless in
this case as apparently the log on attempt was unsuccessful.

I often get notifications from whatsapp web if I use my laptop to
connect instead of the desktop.

So far no unknown machines have tried ..
--
rCLPolitics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong remedies.rCY
rCo Groucho Marx

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

David <wibble@btinternet.com> wrote in news:ml1j69FnecjU20
@mid.individual.net:

More detail:

The notification was on my X timeline, and also via my registered email address for X.

The wording was familiar - roughly if this was you, fine, if not change
your password.

There were no links to reset my password.

Therefore I am treating it as a genuine notification.
My point is that advice to change my password seems to be pointless in
this case as apparently the log on attempt was unsuccessful.

On the other hand it may be that your account will be targeted again in the future so if you feel your password is weak then it may be time to change
it to a stronger one. Obvs via the offical account page.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

On 12/10/2025 12:53, David wrote:

Therefore I am treating it as a genuine notification.
My point is that advice to change my password seems to be pointless in
this case as apparently the log on attempt was unsuccessful.

Or one of the log on attempts was unsuccessful ?

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: uk.d-i-y

David <wibble@btinternet.com> wrote:

On Sat, 11 Oct 2025 12:52:42 +0000, David wrote:

I have a notification of a suspicious attempt to log into my X account.
From an iPhone in Brazil.
[NB I am not in Brazil and don't possess an iPhone.]

The recommendation is to change my password.

If the attempt failed, my password is presumably secure and so doesn't
need changing.

Sound reasonable?

More detail:

The notification was on my X timeline, and also via my registered email address for X.

The wording was familiar - roughly if this was you, fine, if not change
your password.

There were no links to reset my password.

Therefore I am treating it as a genuine notification.
My point is that advice to change my password seems to be pointless in
this case as apparently the log on attempt was unsuccessful.

Cheers

Sounds like just a random attempt to log into your account. I wouldnrCOt
worry about it.

Tim
--
Please don't feed the trolls
--- Synchronet 3.21a-Linux NewsLink 1.2