Twitter Can be Tricked Into Showing Misleading Embedded Links

silversurfer

Aug 17, 2014
A long-standing Twitter issue allows bad actors to manipulate tweets so that they appear to contain content from one site, but actually link to a completely different one. This enables creating tweets that look like legitimate articles from well-respected sites, but actually link to pages serving phishing, malware, or scams.

Whenever you share a new link in a tweet, Twitter will send a bot to the linked web page and check for special meta tags in the HTML source. If these tags exist, Twitter will use the information in the page to create a rich media block called Twitter Cards that is filled with additional text, images, or video.

Bad actors, though, can manipulate how Twitter accesses a linked-to page so that the Twitter Cards are created from metadata found on another site.
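A defender-side check for the mismatch described above, as an added example that is not part of the original post: it parses the card meta tags from HTML a crawler was served and reports any URL-valued tag that names a different site than the page the link actually lands on. The function names, the sample HTML and the choice of tags to compare (`twitter:url`, `og:url`, the canonical link) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: these tags name the page the card claims to describe.
URL_TAGS = ("twitter:url", "og:url", "canonical")

class CardMetaParser(HTMLParser):
    """Collect twitter:*/og:* <meta> tags and <link rel="canonical">."""
    def __init__(self):
        super().__init__()
        self.meta = {}

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta":
            # Card tags use name=, Open Graph uses property=; accept both.
            key = (a.get("name") or a.get("property") or "").lower()
            if key.startswith(("twitter:", "og:")) and key not in self.meta:
                self.meta[key] = a.get("content", "").strip()
        elif tag == "link" and "canonical" in a.get("rel", "").lower().split():
            self.meta.setdefault("canonical", a.get("href", "").strip())

def card_metadata(html):
    parser = CardMetaParser()
    parser.feed(html)
    return parser.meta

def site_of(url):
    """Host without port or leading 'www.', lower-cased ('' if none)."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def card_mismatches(landing_url, html):
    """Return (tag, claimed_site) pairs that differ from the landing site."""
    landing, meta = site_of(landing_url), card_metadata(html)
    claims = [(t, site_of(meta.get(t, ""))) for t in URL_TAGS]
    return [(t, s) for t, s in claims if s and s != landing]

# Constructed sample: HTML a crawler was served for a shared link.
SAMPLE_HTML = """<html><head>
<meta name="twitter:card" content="summary_large_image">
<meta property="og:url" content="https://www.news.example/story">
<link rel="canonical" href="https://news.example/story">
</head><body></body></html>"""
```

An empty result means the card metadata and the landing page agree on the site; any returned pair is a reason to treat the card preview as untrustworthy for that link.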