Twitter Can be Tricked Into Showing Misleading Embedded Links

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/twitter-can-be-tricked-into-showing-misleading-embedded-links/

A long standing Twitter issue allows bad actors to manipulate tweets so that they appear to contain content from one site, but actually link to a completely different one. This enables creating tweets that look like legitimate articles from well-respected sites, but actually link to pages serving phishing, malware, or scams.

Whenever you share a new link in a tweet, Twitter will send a bot to the linked web page and check for special meta tags in the HTML source. If these tags exists, Twitter will use the information in the page to create a rich media block called Twitter Cards that is filled with additional text, images, or video.

Bad actors, though, can manipulate how Twitter accesses a linked to page so that the Twitter cards are created from metadata found on another site.

Continue reading below:

Twitter Can be Tricked Into Showing Misleading Embedded Links

Twitter has a problem with validating the cards with extra content attached to a tweet that has been abused in the past and can still be used to direct users to malicious websites.

www.bleepingcomputer.com