Original Article Text

Fake X content warnings on Ukraine war, earthquakes used as clickbait.

X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites.

For months, X has been flooded with posts that contain what appears at first glance to be a pornographic video but, when clicked on, brings you to fake adult sites. As tracked by X users "Slava Bonkus" and "Cyber TM," the scammers have now also started creating posts pretending to contain sensational information about the Ukrainian forces invading Kursk or warnings about an earthquake in Nankai Trough, Japan.

"Emergency information on the Nankai Trough mega-earthquake: What should we be careful of from now on? It's all summarized in this article. Please read it carefully and plan your schedule," reads the fake tweet about Nankai Trough earthquake warnings.

However, instead of showing fake videos, they display fake X content warnings that must b These content warnings are actually images that, when clicked, connect to a URL at the app.link domain, which then redirects users through a series of sites until they ultimately land on a scam site. These scam sites are usually adult sites, but they could also be for malicious content, such as tech support scams, malicious browser extensions, or affiliate scams.

X displays these fake content warning images because when the post is first created, the social media site will read the content at the posted URL. If the app.link site detects that the connection is from Twitter, likely through its user agent, it will not redirect to the other sites. Instead, it will display an HTML page that utilizes Twitter cards HTML metadata to tell X how the post should be displayed, including the image, description, and other content.

This trick has been used for years, with BleepingComputer first reporting about it in 2019 and the technique recently used for cryptocurrency scams.
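A defender can confirm this kind of user-agent cloaking by comparing what a link returns to a card crawler with what it returns to a browser. The Python below is an added example, not code from the article; the URL, hostnames and the two captured responses are constructed sample data, the function names are hypothetical, and header names are assumed to be lowercased.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class CardParser(HTMLParser):
    """Collects <meta name="twitter:*"> tags, the card fields a crawler reads."""
    def __init__(self):
        super().__init__()
        self.card = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = (a.get("name") or a.get("property") or "").lower()
        if tag == "meta" and name.startswith("twitter:") and a.get("content"):
            self.card[name] = a["content"]

def card_metadata(html):
    parser = CardParser()
    parser.feed(html)
    return parser.card

def redirect_host(resp):
    """Hostname a 3xx response points to, or None when it is not a redirect."""
    location = resp["headers"].get("location")
    if 300 <= resp["status"] < 400 and location:
        return urlparse(location).hostname
    return None

def assess(url, crawler_resp, browser_resp):
    """Flag a link that serves a card to the crawler but redirects browsers off-site."""
    card = card_metadata(crawler_resp["body"])
    dest = redirect_host(browser_resp)
    cloaked = (bool(card) and redirect_host(crawler_resp) is None
               and dest not in (None, urlparse(url).hostname))
    return {"cloaked": cloaked, "card_image": card.get("twitter:image"),
            "browser_redirect_host": dest}

# Constructed sample capture: the same URL requested twice, once with a
# card-crawler user agent and once with a desktop browser user agent.
URL = "https://links.example/p/abc123"
CRAWLER = {"status": 200, "headers": {}, "body": """<html><head>
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:image" content="https://links.example/img/warning.png">
<meta name="twitter:description" content="Content warning">
</head></html>"""}
BROWSER = {"status": 302, "headers": {"location": "https://landing.example/r?id=1"},
           "body": ""}

if __name__ == "__main__":
    print(assess(URL, CRAWLER, BROWSER))
```

A link is flagged only when the crawler view carries card metadata without redirecting while the browser view redirects to a different host, so a same-host redirect or identical responses are not reported.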

Daily Brief Summary

CYBERCRIME // Scammers Use Fake War and Earthquake Alerts on Social Media

Scammers are exploiting the Ukraine war and Japanese earthquake warnings to create enticing clickbait on social media platforms.

Posts initially appear to contain pornographic videos but redirect users to fraudulent adult websites and other scam sites.

Fake posts include sensational claims about Ukrainian forces or emergency alerts about significant earthquakes to attract clicks.

Clicking on these deceptive content warnings leads to URLs that route through multiple domains before landing on scam platforms.

These scams also involve malicious browser extensions and tech support scams in addition to adult sites.

Social media mechanisms are manipulated, using Twitter cards HTML metadata to display misleading images and descriptions.

The technique has been known since 2019, and has also been used for cryptocurrency scams, showcasing its persistent effectiveness.

Users are advised to be cautious when interacting with sensational or emergency-related content on social media.