Elon Musk changing ‘Twitter’ to ‘X’ in posts was a scammers’ paradise
Elon Musk changing ‘Twitter’ to ‘X’ in posts was a scammers’ paradise
When URLs on the site were autocorrected from Twitter.com to X.com this week, social media users were quick to think up phishing attempts.
BY Clint Rainey
From Monday to Tuesday of this week, the social media platform X (formerly Twitter)—Elon Musk’s sanctum of free speech—briefly became a scammers’ paradise because of an executive decision to change the free speech of posts he didn’t like.
Since the site’s rebrand in July, the team at what’s now X has been urging the media, the public, and the platform’s own users to retire “Twitter,” “Twitter.com,” “tweet,” “retweet,” and other words from their lexicon. But habits die hard when they involve forgetting terms that have entered the public vernacular. Apparently, to speed up the transition, on Monday X tried editing “Twitter” out of web links typed out in users’ posts, changing their text without permission so it read “X” instead.
This was done irrespective of whether the URL in question was, in fact, Twitter.com. The oversight—first noticed by Matt Binder at Mashable—was corrected the next day, sometime on Tuesday. But during that short period, users made hay of the discovery. Anywhere that “twitter.com” appeared in a post, either new or old, the text in the iOS app would now populate as “X.com.”
Since the auto-change seemingly was coded for every occurrence, people realized this created potential for great unintentional hilarity.
Thanks to this bug, I can finally check my https://t.co/yEizHkXnaC package!
— Qvorum (@QvorumN) April 8, 2024
If you’re thinking, Isn’t this the kind of mistake a new enrollee at Learn2Code makes?, you aren’t alone: Lots of users warned this was the absolutely ideal setup for phishing—where bad actors create a link that looks like a well-recognized safe site, but actually directs people who click it somewhere else.
someone is gonna buy https://t.co/kQGEXZNSXX and phish people on twitter
— Ziege (@ziegenhainy) April 9, 2024
it actually worked lmao, i typed https://t.co/qabu38Sjt5 and it automatically replaced to https://t.co/w4xVNrLhXh, heres screenshot for proof pic.twitter.com/LZi1MZxoEC
— dave (@luzfic) April 8, 2024
“NetfliTwitter.com” was one unintentionally hilarious URL that started circulating. For hours, iOS users would see effectively a “netflix.com” honeypot, but would get a free trip to netflitwitter.com. (All X was changing were the characters themselves, not the URL they linked to.)
shows like this but still goes to the original url ?????? pic.twitter.com/7x2pYLTkj3
— kumiko (@lapaiiowo) April 8, 2024
A quick-thinking Good Samaritan ended up buying netflitwitter.com, and setting up a landing page that explained:
As of April 8, 2024, the iOS Twitter (now X) client automatically replaces the text “twitter.com” in posts with “x.com” as part of its functionality.
Therefore, for example, a URL that appears to be “netflix.com” will actually redirect to “netflitwitter.com” when clicked.
Please be aware that there is a potential for this feature to be exploited in the future, by acquiring domains containing “twitter.com” to lead users to malicious pages.
This domain, “netflitwitter.com,” has been acquired for protective purposes to prevent its use for such malicious activities.
Cybersecurity blog Krebs on Security criticized X’s move as “clumsy” and “a gift to phishers,” and also reported that at least 60 new domain names ending in “twitter.com” were registered on Monday and Tuesday. According to Krebs, most were picked up “defensively” to prevent the addresses from being acquired by scammers.
Among them was goodrtwitter.com (which could be used create a fake GoodRX link). Visitors to goodrtwitter.com were greeted with a message that read, “When you clicked this link, you probably thought you were looking at something like ‘goodrx.com.’ Simple URL substitution can cause this kind of thing to happen.” The message ended by calling X’s sloppiness out, writing: “Are you serious, X Corp?”
Carfatwitter.com (for Carfax), roblotwitter.com (Roblox), and yandetwitter.com (Yandex, Russia’s Google) were other URLs that got snagged.
Not all users had such pure intentions, though. Setwitter.com was a popular fake site to post for a while.
Elon is trying so hard for us to call this app “X” that if you put “twitter” on an URL in iphone it’ll automatically change it to “X” pic.twitter.com/W83dyrapY6
— Kris (@KrisSkulls) April 10, 2024
As were gibberish URL strings that didn’t go anywhere, but looked like actual porn sites:
elon musk is starting a tiktok alternative! it’s called twittervideos and will be accessible at https://t.co/mGMVIUQoGT
— sophie Esq. (@neverendingftr) April 8, 2024
Musk maybe should have seen this coming, though. His long-running obsession with the letter X—he’s now created SpaceX, xAI, Tesla model X, a child named X Æ A-Xii, and X.com, the online bank PayPal acquired in 2000—has persisted despite of years of warnings from colleagues and market research suggesting his preferred company name has branding issues. Biographer Walter Isaacson has said the domain X.com “conjured up visions of a seedy site you would not talk about in polite company” when Musk tested it with focus groups, while Max Chafkin wrote in his book about PayPal cofounder Peter Thiel that consumers “disliked the brand name, because it reminded them of porn.”
ABOUT THE AUTHOR
(11)