
Symantec threat bulletin: Beware of Twitter URL redirection

Twitter has become an up-to-date news source for millions of people due to the speed with which news spreads through the network. While individual users dominate the service, businesses need to continuously educate their employees who use Twitter to ensure that the source is trustworthy. On Twitter, determining this can prove difficult.

One of the most appreciated features of Twitter is that information can be spread very fast. Many people are using the service to get up-to-date information about breaking news topics. We often even see online newspapers referring to sources on Twitter. One of the obvious challenges for users is to determine whether the source is trustworthy or not.

Unfortunately, these circumstances are being abused by attackers. They simply check the Twitter home page for trending topics, which reveals messages that have been reposted several times already. The attacker selects one of these tweets containing a shortened URL and replaces that URL with a different shortened URL pointing to a malicious website. Since the text in the messages is identical, the user cannot tell that the new shortened URL leads to a malicious website rather than the original story. Therefore some people will inevitably follow it wherever it may lead.

It is still very hard for users to spot the malicious links, as it is often a legitimate website that has been compromised and converted to host drive-by download attacks. Keeping the computer and software patched and having security software installed could decrease the chances of falling victim to such drive-by download attacks.

The screenshot above is an example where a company is using the news to advertise their stock market-related videos, but we have seen the same tactics used to lure users to infected websites as well.

It's hard, if not impossible, to tell just by looking at a post whether it is genuine or not. Users may want to install browser extensions that reveal the final destination of shortened URLs. But even then, it is very hard to spot the malicious links, as it is often a legitimate website that has been compromised and converted to host drive-by download attacks. Therefore, it's a good idea to have your computer and software patched – including the browser – and have security software installed, so as not to fall victim to such drive-by download attacks.

In feedback we have received from Twitter, they have informed us that this is definitely an issue that they're aware of and that they have done some preliminary work on it in the form of the t.co shortener (currently used in DM notification emails).

Furthermore, they have also informed us that they are using another tactic, the "expand" button, which can be seen next to the first link in the screenshot. This allows Twitter users to expand the shortened links by clicking on this button when looking at search results so that they can be sure where the link leads. Apparently, they are still working on this concept in order to ensure that even URLs shortened by other URL shorteners are expanded correctly.

Twitter also says that they are actively working on other features that they believe will increase user safety and security.