Elon Musk changing ‘Twitter’ to ‘X’ in posts was a scammers’ paradise

Elon Musk changing ‘Twitter’ to ‘X’ in posts was a scammers’ paradise

When URLs on the site were autocorrected from Twitter.com to X.com this week, social media users were quick to think up phishing attempts.

BY Clint Rainey

From Monday to Tuesday of this week, the social media platform X (formerly Twitter)—Elon Musk’s sanctum of free speech—briefly became a scammers’ paradise because of an executive decision to change the free speech of posts he didn’t like.

Since the site’s rebrand in July, the team at what’s now X has been urging the media, the public, and the platform’s own users to retire “Twitter,” “Twitter.com,” “tweet,” “retweet,” and other words from their lexicon. But habits die hard when they involve forgetting terms that have entered the public vernacular. Apparently, to speed up the transition, on Monday X tried editing “Twitter” out of web links typed out in users’ posts, changing their text without permission so it read “X” instead.

This was done irrespective of whether the URL in question was, in fact, Twitter.com. The oversight—first noticed by Matt Binder at Mashable—was corrected the next day, sometime on Tuesday. But during that short period, users made hay of the discovery. Anywhere that “twitter.com” appeared in a post, either new or old, the text in the iOS app would now populate as “X.com.”

Since the auto-change seemingly was coded for every occurrence, people realized this created potential for great unintentional hilarity.

If you’re thinking, Isn’t this the kind of mistake a new enrollee at Learn2Code makes?, you aren’t alone: Lots of users warned this was the absolutely ideal setup for phishing—where bad actors create a link that looks like a well-recognized safe site, but actually directs people who click it somewhere else.

“NetfliTwitter.com” was one unintentionally hilarious URL that started circulating. For hours, iOS users would see effectively a “netflix.com” honeypot, but would get a free trip to netflitwitter.com. (All X was changing were the characters themselves, not the URL they linked to.)

A quick-thinking Good Samaritan ended up buying netflitwitter.com, and setting up a landing page that explained:

As of April 8, 2024, the iOS Twitter (now X) client automatically replaces the text “twitter.com” in posts with “x.com” as part of its functionality.

Therefore, for example, a URL that appears to be “netflix.com” will actually redirect to “netflitwitter.com” when clicked.

Please be aware that there is a potential for this feature to be exploited in the future, by acquiring domains containing “twitter.com” to lead users to malicious pages.

This domain, “netflitwitter.com,” has been acquired for protective purposes to prevent its use for such malicious activities.

Cybersecurity blog Krebs on Security criticized X’s move as “clumsy” and “a gift to phishers,” and also reported that at least 60 new domain names ending in “twitter.com” were registered on Monday and Tuesday. According to Krebs, most were picked up “defensively” to prevent the addresses from being acquired by scammers.

Among them was goodrtwitter.com (which could be used create a fake GoodRX link). Visitors to goodrtwitter.com were greeted with a message that read, “When you clicked this link, you probably thought you were looking at something like ‘goodrx.com.’ Simple URL substitution can cause this kind of thing to happen.” The message ended by calling X’s sloppiness out, writing: “Are you serious, X Corp?”

Carfatwitter.com (for Carfax), roblotwitter.com (Roblox), and yandetwitter.com (Yandex, Russia’s Google) were other URLs that got snagged.

Not all users had such pure intentions, though. Setwitter.com was a popular fake site to post for a while.

As were gibberish URL strings that didn’t go anywhere, but looked like actual porn sites:

Musk maybe should have seen this coming, though. His long-running obsession with the letter X—he’s now created SpaceX, xAI, Tesla model X, a child named X Æ A-Xii, and X.com, the online bank PayPal acquired in 2000—has persisted despite of years of warnings from colleagues and market research suggesting his preferred company name has branding issues. Biographer Walter Isaacson has said the domain X.com “conjured up visions of a seedy site you would not talk about in polite company” when Musk tested it with focus groups, while Max Chafkin wrote in his book about PayPal cofounder Peter Thiel that consumers “disliked the brand name, because it reminded them of porn.”


ABOUT THE AUTHOR

Clint Rainey is a Fast Company contributor based in New York who reports on business, often food brands. He has covered the anti-ESG movement, rumors of a Big Meat psyop against plant-based proteins, Chick-fil-A’s quest to walk the narrow path to growth, as well as Starbucks’s pivot from a progressive brandinto one that’s far more Chinese. 


Fast Company

(10)