{"id":42867,"date":"2024-04-16T23:45:48","date_gmt":"2024-04-17T03:45:48","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=42867"},"modified":"2024-06-18T11:10:49","modified_gmt":"2024-06-18T15:10:49","slug":"twitters-pivot-to-x-com-is-a-gift-to-phishers","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2024\/04\/16\/twitters-pivot-to-x-com-is-a-gift-to-phishers\/","title":{"rendered":"Twitter’s Pivot to x.com Is a Gift to Phishers"},"content":{"rendered":"

Brian Krebs<\/a> (Hacker News<\/a>):<\/p>\n

On April 9, Twitter\/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com<\/strong>, which until very recently rendered as fedex.com<\/strong> in tweets.<\/p>

[…]<\/p>

The apparent oversight by Twitter\/X was cause for amusement and amazement from many former users who have migrated to other social media platforms since the new CEO took over. Matthew Garrett<\/strong>, a lecturer at U.C. Berkeley’s School of Information, summed up<\/a> the Schadenfreude thusly:<\/p>

“Twitter just doing a ‘redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com’ is not absolutely the funniest thing I could imagine but it’s high up there.”<\/p><\/blockquote>\n

I still go to twitter.com<\/tt>, which serves links to twitter.com<\/tt> rather than x.com<\/tt>. And if I go to x.com<\/tt> it redirects me to twitter.com<\/tt>.<\/p>\n\n

Previously:<\/p>\n