The social media platform X, formerly known as Twitter, has been facing an escalation in scams targeting unsuspecting users. These scammers are now exploiting global crises, such as the war in Ukraine and earthquake warnings in Japan, to deceive users into clicking on fake content. The tactics used by these bad actors have become more sophisticated, as they now employ sensational news stories to lure users into engaging with their fraudulent content.
For months, X has been plagued with posts that lead users to fake adult sites through a bait-and-switch tactic. However, scammers have recently taken their deception to the next level by leveraging current events to attract more users. Reports have shown that posts have been circulating about Ukrainian forces invading the Russian city of Kursk and impending earthquake warnings in Japan’s Nankai Trough. These posts use language that mimics genuine emergency communications to add a sense of urgency and credibility to the scam.
The mechanics behind these scams involve the manipulation of X’s content display system, particularly the use of Twitter Cards. Scammers embed images that appear to be legitimate content warnings from X, but when users click on these images, they are redirected to a URL at the app.link domain. From there, users are taken through a series of websites before landing on a scam site, which could lead to exposure to explicit content or the installation of harmful software on their devices.
One of the reasons these scams have been so effective is the way scammers exploit Twitter Cards to make their posts appear legitimate. The app.link site serves up a harmless HTML page containing the necessary Twitter Card metadata when it detects that the connection is coming from X, fooling X into displaying the fake content warning image as part of the post. As scammers continue to find new ways to evade detection, X’s automated systems for detecting and removing malicious content are put to the test.
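The cloaking described above can be checked by comparing what a link returns to the card crawler with what it returns to an ordinary browser. The following is an added example, not code from X or from the reports the article refers to: it takes two already-captured responses for the same URL and flags the mismatch. The `Capture` structure, the `.example` hostnames and the sample responses are constructed for illustration, and it assumes the two captures were collected separately (the article does not say how the site recognises X).

```python
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

@dataclass
class Capture:
    """One recorded HTTP response for a link (hypothetical structure)."""
    status: int
    headers: dict
    body: str = ""

class CardParser(HTMLParser):
    """Collects <meta name="twitter:*"> tags, i.e. Twitter Card metadata."""
    def __init__(self):
        super().__init__()
        self.card = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = a.get("name") or a.get("property") or ""
        if tag == "meta" and name.startswith("twitter:"):
            self.card[name] = a.get("content") or ""

def card_metadata(html):
    parser = CardParser()
    parser.feed(html)
    return parser.card

def cloaking_findings(url, as_crawler, as_browser):
    """Return reasons the two views of the same URL look like cloaking."""
    findings = []
    card = card_metadata(as_crawler.body)
    if as_crawler.status == 200 and card and 300 <= as_browser.status < 400:
        findings.append("crawler got a Twitter Card page, browser got a redirect")
    location = as_browser.headers.get("Location", "")
    # Resolve relative redirects so a same-site "/path" is not misreported.
    target = urlparse(urljoin(url, location)).hostname if location else None
    if target and target != urlparse(url).hostname:
        findings.append("browser redirected off-domain to " + target)
    return findings

# Constructed sample captures for one link, not real traffic.
URL = "https://links.example/abc123"
CRAWLER_VIEW = Capture(200, {"Content-Type": "text/html"},
    '<head><meta name="twitter:card" content="summary_large_image">'
    '<meta name="twitter:image" content="https://links.example/warning.png"></head>')
BROWSER_VIEW = Capture(302, {"Location": "https://landing.example.net/step1"})

if __name__ == "__main__":
    for finding in cloaking_findings(URL, CRAWLER_VIEW, BROWSER_VIEW):
        print(finding)
```

A link that returns the same card page to both clients produces no findings, so the check isolates the bait-and-switch behaviour rather than the use of Twitter Cards as such.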
In response to these scams, X has been working to combat them, but the ever-evolving tactics of scammers present a significant challenge. Users are advised to remain vigilant while navigating the platform, double-check the legitimacy of content, and avoid clicking on links from unfamiliar sources. By staying informed and exercising caution, users can protect themselves from falling victim to these increasingly sophisticated scams.
As the scammers continue to find new ways to exploit X and its users, the platform will need to continue refining its detection and prevention mechanisms to stay ahead of the game. By remaining vigilant and informed, users can help in the fight against these malicious actors on social media platforms.
