Tuesday, April 16, 2024

Twitter’s Pivot to x.com Is a Gift to Phishers

Brian Krebs (Hacker News):

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as fedex.com in tweets.


The apparent oversight by Twitter/X was cause for amusement and amazement from many former users who have migrated to other social media platforms since the new CEO took over. Matthew Garrett, a lecturer at U.C. Berkeley’s School of Information, summed up the Schadenfreude thusly:

“Twitter just doing a ‘redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com’ is not absolutely the funniest thing I could imagine but it’s high up there.”

I still go to twitter.com, which serves links to twitter.com rather than x.com. And if I go to x.com it redirects me to twitter.com.
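The rewriting flaw described in the quoted report, as an added example that is not code from Twitter/X or from the original post: a plain substring replacement beside a hostname-aware rewrite, plus a check that flags links whose displayed host a substring rewrite would change. The function names, the constructed sample URLs, and the choice to treat subdomains of twitter.com as rewritable are assumptions.

```javascript
// Added illustration (assumed names; not Twitter/X code).
const OLD = "twitter.com";
const NEW = "x.com";

// Flawed: substring replacement with no notion of where a hostname starts,
// so any domain that merely ends in "twitter.com" is rewritten too.
function naiveRewrite(text) {
  return text.split(OLD).join(NEW);
}

// True only for twitter.com itself or a real subdomain (label boundary).
function isBrandHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  return h === OLD || h.endsWith("." + OLD);
}

// Hardened: parse each link, compare the parsed hostname, and leave every
// other link byte-for-byte untouched.
function safeRewrite(text) {
  return text.replace(/https?:\/\/[^\s<>"']+/gi, (link) => {
    let url;
    try { url = new URL(link); } catch { return link; }
    if (!isBrandHost(url.hostname)) return link;
    const h = url.hostname.replace(/\.$/, "");
    url.hostname = h.slice(0, h.length - OLD.length) + NEW;
    return url.toString();
  });
}

// Defender-side check: would a substring rewrite change the host shown
// for a link that does not actually belong to the brand domain?
function isMisleading(link) {
  const real = new URL(link).hostname;
  const shown = new URL(naiveRewrite(link)).hostname;
  return !isBrandHost(real) && shown !== real;
}

// Constructed samples using the domains quoted above.
const samples = [
  "https://twitter.com/user/status/1",
  "https://fedetwitter.com/track",
  "https://spacex.com/launches",
];
for (const s of samples) {
  console.log(s, "| naive:", naiveRewrite(s), "| safe:", safeRewrite(s),
              "| misleading:", isMisleading(s));
}
```

The hostname comparison is anchored on a label boundary (exact match or a leading dot), which is what the substring version lacks.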


Update (2024-04-24): See also: Bruce Schneier.

Update (2024-05-17): Jay Peters and Thomas Ricker:

The social network formerly known as Twitter has officially adopted X.com for all its core systems. That means typing twitter.com in your browser will now redirect to Elon Musk’s favored domain, or should.

Update (2024-05-20): See also: DataChazGPT.

Weird how the trust and safety team didn't catch this on stage

Hahaha. For sure.

The whole platform is a joke. Elon could have, I don't know, simply kept the name of the company everyone more or less enjoyed using instead of rebranding everything, but you know. Maybe he thinks if he rebrands to x, all the Twitter debts owed go poof?

It's still twitter.com for me as well, even if I go to x.com. I'm so confused by this transition, and how they managed to fumble it so badly.

