X (Twitter) began rolling out a dislike button on replies on March 18, while a wave of phishing emails impersonating the platform targets users during the transition.
The simultaneous feature rollout and scam surge highlight a short-term vulnerability window as the platform restructures its spam controls.
Phishing Emails Exploit the Confusion
Macro analyst Marty Party flagged a new scam campaign using fake “Content Violation” notices that mimic official X communications. The emails prompt users to click an “Appeal Violation” button designed to harvest passwords and personal data.
“Beware of a new scam going around – you will get a very authentic Content Violation email that looks like it comes from X… The email comes from [email protected] which is fake. Be warned,” the analyst wrote.
The attack uses deceptive domains like communitycase-x.com, making the messages difficult to distinguish from legitimate notifications.
Security researchers have previously documented similar credential-theft campaigns targeting high-profile X accounts.
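A lookalike such as communitycase-x.com ends in the same characters as the real domain, so a link filter that compares string suffixes will accept it. The Python below is an added example, not code from X or from the analyst quoted above. It compares that flawed check with one that matches on a dot boundary. The official domain list and all sample links except the communitycase-x.com host are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the platform's own registrable domains (not listed in the article).
OFFICIAL_DOMAINS = ("x.com", "twitter.com")

def host_of(url):
    """Lower-cased hostname of a URL, without port, userinfo or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def naive_is_official(url):
    """Flawed check: plain string suffix match, shown for comparison."""
    return host_of(url).endswith(OFFICIAL_DOMAINS)

def is_official(url):
    """Host must equal an official domain or be a subdomain of it (dot boundary)."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(urls):
    """Return (url, naive_verdict, strict_verdict) for each link in a message."""
    return [(u, naive_is_official(u), is_official(u)) for u in urls]

# Constructed sample links; only the communitycase-x.com host comes from the article.
SAMPLE_LINKS = [
    "https://x.com/settings/account",
    "https://help.x.com/en/rules",
    "https://communitycase-x.com/appeal",
    "https://x.com.communitycase-x.com/appeal",
    "https://x.com@communitycase-x.com/appeal",
]

if __name__ == "__main__":
    for url, naive, strict in triage(SAMPLE_LINKS):
        print(f"{url:45} naive={naive!s:5} strict={strict}")
```

The suffix check passes all five links, while the dot-boundary check passes only the first two. The last sample shows why the host must be parsed out of the URL first: everything before the "@" is userinfo, not the destination.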
Dislike Button and Spam Economics Shift
Meanwhile, X’s Head of Product Nikita Bier signaled that the financial incentive to spam on the platform will decline significantly within 30 days and could eventually turn negative.
The dislike button appears as a broken heart or thumbs-down icon, for now only on replies and comments under posts and not on main posts, and it feeds into X’s ranking algorithm.
Dislike counts remain private: only the algorithm uses them, ranking better replies higher and burying spammy or low-quality ones without creating public backlash.
However, the rollout is uneven. Server-side flags control access, meaning many users, particularly in regions like East Africa, may not see the feature immediately.
Users have also noted that persistent issues like DM spam remain unaddressed.
As X tightens its spam monetization model, scammers appear to be exploiting user confusion around the rapid feature changes.
The platform’s long-term trajectory points toward reduced spam, but the transition period demands heightened user vigilance.