Tuesday, April 16, 2024

Twitter’s Pivot to x.com Is a Gift to Phishers

Brian Krebs (Hacker News):

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as fedex.com in tweets.

[…]

The apparent oversight by Twitter/X was cause for amusement and amazement from many former users who have migrated to other social media platforms since the new CEO took over. Matthew Garrett, a lecturer at U.C. Berkeley’s School of Information, summed up the Schadenfreude thusly:

“Twitter just doing a ‘redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com’ is not absolutely the funniest thing I could imagine but it’s high up there.”

I still go to twitter.com, which serves links to twitter.com rather than x.com. And if I go to x.com it redirects me to twitter.com.

Update (2024-04-24): See also: Bruce Schneier.
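The rewrite Krebs describes, as an added example (not code from Twitter/X or from the article): a substring replacement beside a hostname-aware one, plus a check that flags links where the two disagree. The function names and the rule for mapping subdomains are assumptions; the sample links are constructed around the domain named in the quote.

```javascript
// Naive form of the behaviour described above: every occurrence of
// "twitter.com" in the link text is swapped, wherever it sits in the hostname.
function naiveRewrite(link) {
  return link.replace(/twitter\.com/g, 'x.com');
}

// Hostname-aware form: parse the URL first and rewrite only when the host
// is exactly twitter.com or a subdomain of it (assumed mapping: a.twitter.com -> a.x.com).
function safeRewrite(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return link; // not an absolute URL: leave the text alone
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  if (host === 'twitter.com') {
    url.hostname = 'x.com';
  } else if (host.endsWith('.twitter.com')) {
    // The leading dot in the suffix test is what rejects "fedetwitter.com".
    url.hostname = host.slice(0, -'twitter.com'.length) + 'x.com';
  } else {
    return link;
  }
  return url.href;
}

// Audit helper: true when the naive rewrite would display a different host
// than the link actually points to after a correct rewrite.
function rewriteDisagrees(link) {
  try {
    return new URL(naiveRewrite(link)).hostname !== new URL(safeRewrite(link)).hostname;
  } catch {
    return false;
  }
}

// Constructed sample links.
for (const link of ['https://twitter.com/user/status/1',
                    'https://mobile.twitter.com/home',
                    'https://fedetwitter.com/track']) {
  console.log(link, '| naive:', naiveRewrite(link),
              '| safe:', safeRewrite(link),
              '| mismatch:', rewriteDisagrees(link));
}
```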

3 Comments

Weird how the trust and safety team didn't catch this on stage

@Kristoffer
Hahaha. For sure.

The whole platform is a joke. Elon could have, I don't know, simply kept the name of the company everyone more or less enjoyed using instead of rebranding everything, but you know. Maybe he thinks if he rebrands to x, all the Twitter debts owed go poof?

It's still twitter.com for me as well, even if I go to x.com. I'm so confused by this transition, and how they managed to fumble it so badly.
