silversurfer
Thread author
Continue reading below:
A long-standing Twitter issue allows bad actors to manipulate tweets so that they appear to contain content from one site, but actually link to a completely different one. This enables creating tweets that look like legitimate articles from well-respected sites, but actually link to pages serving phishing, malware, or scams.
Whenever you share a new link in a tweet, Twitter will send a bot to the linked web page and check for special meta tags in the HTML source. If these tags exist, Twitter will use the information in the page to create a rich media block called Twitter Cards that is filled with additional text, images, or video.
Bad actors, though, can manipulate how Twitter accesses a linked-to page so that the Twitter Cards are created from metadata found on another site.
Twitter Can be Tricked Into Showing Misleading Embedded Links
Twitter has a problem with validating the cards with extra content attached to a tweet that has been abused in the past and can still be used to direct users to malicious websites.
www.bleepingcomputer.com