In response to attempts to automatically convert 'twitter.com' to 'x.com' in posts on X (formerly Twitter), phishing domains were acquired one after another

Even after Twitter changed its name to X in July 2023, the URL 'twitter.com' was still used, but the iOS app began to automatically replace 'twitter.com' in posts with 'x.com'. However, since this is an automatic conversion, there were attempts at phishing that exploited this conversion function, and the function was suspended after just two days.

Twitter's Clumsy Pivot to X.com Is a Gift to Phishers – Krebs on Security
https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/



According to Brian Krebs of Krebs on Security, when the 'twitter.com' to 'x.com' conversion feature was rolled out on April 9, 2024 local time, at least 60 domains were acquired for phishing purposes within two days.

One example is 'fedeetwitter[.]com'. This URL is automatically displayed as 'fedex.com' in an X post, making it look like a link to the official website of the major delivery company FedEx. However, since only the displayed URL has been converted, clicking the link in the post takes you to 'fedeetwitter[.]com', which has nothing to do with FedEx.

Similarly, the following domains have been confirmed to have been acquired. After each colon is the site that the automatically converted domain appears to point to.
・square-enitwitter[.]com: square-enix.com (game maker Square Enix)
・goodrtwitter[.]com: goodrx.com (healthcare information site)
・yandetwitter[.]com: yandex.com (Russian portal site)
・roblotwitter[.]com: roblox.com (gaming platform)
・neobutwitter[.]com: neobux.com (Paid to Click business site)

Some domains have been revealed to have been acquired as a defensive measure. For example, 'netflitwitter[.]com' becomes 'netflix.com' after conversion, and it has been revealed that it was acquired by a Japanese X user to prevent it from being used for malicious purposes.



Also, some people took advantage of the automatic conversion to obtain 'setwitter[.]com', which of course was converted to 'sex[.]com' in X's posts.



The conversion feature appears to have only been rolled out to the iOS version of the app, and X said it was made aware of the issue and fixed it so that only references to 'twitter.com' are converted to 'x.com.'

Specifically, in an environment where the conversion is active, 'twitter.com' in a post is converted to 'x.com'. When a post mentions both 'twitter.com' and 'x.com', as this article does, both end up displayed as 'x.com', which is confusing.



in Software, Web Service, Security, Posted by logc_nt