BIGFISH TECHNOLOGY LIMITED
13 August 2024

Fake X content warnings about the Ukraine war and earthquakes are used as clickbait.

X has long had a bot problem, but now scammers are using the Ukraine war and earthquake warnings in Japan to trick users into clicking on phony content warnings and videos that direct them to scam adult sites, dangerous browser extensions, and dodgy affiliate sites.

For months, X has been inundated with posts that appear to be sexual videos but, when clicked on, direct you to fraudulent adult websites.

As spotted by X users "Slava Bonkus" and "Cyber TM," scammers have now begun making posts claiming to offer dramatic information about Ukrainian forces attacking Kursk or warnings about an earthquake in Japan's Nankai Trough.

"Emergency information on the Nankai Trough mega-earthquake: What should we be concerned about from now on? Everything is summarized in this article. Please read it carefully and organize your itinerary," says the phony tweet concerning the Nankai Trough earthquake warnings.

Instead of fake videos, these posts show bogus X content warnings that must be clicked to view the material.

These content warnings are actually images that, when clicked, link to a URL at the app.link domain, which redirects users through a number of sites until they arrive at a scam website. These scam sites are mostly adult-oriented, but they may also contain dangerous content, such as tech support scams, malicious browser extensions, or affiliate scams.

X shows these phony content warning graphics because when a post is first created, the social media site reads the content at the posted URL. If the app.link site identifies a connection from Twitter, most likely via its user agent, it will not redirect to any other sites.

Instead, it will show an HTML page that uses Twitter cards' HTML metadata to instruct X how the post should be displayed, including the image, description, and other elements.
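A defender-side check for the cloaking described above, as an added example that is not from the original article: it compares what a link returns to a crawler user agent with what it returns to a browser. The response dicts, hostnames and markup are constructed samples, and only HTTP-level redirects are considered.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class CardParser(HTMLParser):
    """Collects twitter:* card metadata from <meta> tags."""

    def __init__(self):
        super().__init__()
        self.card = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        name = (a.get("name") or a.get("property") or "").lower()
        if name.startswith("twitter:"):
            self.card[name] = a.get("content", "")


def card_metadata(body):
    parser = CardParser()
    parser.feed(body)
    return parser.card


def is_cloaked(url, crawler_resp, browser_resp):
    """True when the crawler gets a card page but browsers are redirected off-host.

    Responses are dicts: {"status": int, "headers": {lowercase keys}, "body": str}.
    """
    card = card_metadata(crawler_resp["body"])
    serves_card = crawler_resp["status"] == 200 and "twitter:card" in card
    location = browser_resp["headers"].get("location", "")
    redirected = 300 <= browser_resp["status"] < 400 and bool(location)
    target = urlparse(location).hostname  # None for a relative redirect
    return serves_card and redirected and target not in (None, urlparse(url).hostname)


# Constructed sample responses (hostnames and markup are placeholders).
URL = "https://links.example/abc"
CRAWLER = {"status": 200, "headers": {}, "body": (
    '<html><head><meta name="twitter:card" content="summary_large_image">'
    '<meta name="twitter:image" content="https://links.example/warning.png">'
    '<meta name="twitter:title" content="Content warning"></head></html>')}
BROWSER = {"status": 302, "headers": {"location": "https://landing.example/offer"}, "body": ""}

if __name__ == "__main__":
    print("cloaked:", is_cloaked(URL, CRAWLER, BROWSER))
```

An ordinary link shortener redirects every client, so passing the same redirect response for both arguments does not trigger the check.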

This tactic has been used for years, with BleepingComputer first reporting on it in 2019 and the technique more recently being employed in cryptocurrency scams.

 

Source: BleepingComputer