Turning Good News into Bad News 

Nov 30, 2010 02:16 AM

One of the most appreciated features of Twitter is that information can be spread very fast. Many people are using the service to get up-to-date information about breaking news topics. We often even see online newspapers referring to sources on Twitter. One of the obvious challenges for users is to determine whether the source is trustworthy or not.

Unfortunately, these circumstances are being abused by attackers. They simply check the Twitter home page for trending topics, which reveals messages that have already been reposted several times. The attacker selects one of these tweets containing a shortened URL and replaces that URL with a different shortened URL pointing to a malicious website. Since the text in the messages is identical, the user cannot tell that the new shortened URL leads to a malicious website rather than the original story. Therefore some people will inevitably follow it wherever it may lead.
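The pattern described above (identical repost text, different shortened URL) can be checked for mechanically. The following Python sketch is an added example, not code from the original post; the account names, the `*.example` shortener hosts, and the rule that the earliest copy carries the reference link are assumptions made for illustration.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
RT_PREFIX_RE = re.compile(r"^(?:rt\s+@\w+:?\s*)+", re.IGNORECASE)

# Constructed sample data: (timestamp, author, text). Hosts are placeholders.
SAMPLE_POSTS = [
    (1, "news_desk", "Markets rally after surprise rate decision http://short.example/a1b2"),
    (2, "reader_one", "RT @news_desk: Markets rally after surprise rate decision http://short.example/a1b2"),
    (3, "reader_two", "RT @news_desk: Markets rally after surprise rate decision http://short.example/a1b2"),
    (4, "acct_x", "Markets rally after surprise rate decision http://tiny.example/zz9"),
    (5, "someone", "Unrelated post with a link http://short.example/q7"),
]


def split_post(text):
    """Return (normalized text with links and RT prefix removed, list of links)."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    body = URL_RE.sub(" ", text).strip()
    body = RT_PREFIX_RE.sub("", body)
    body = re.sub(r"\s+", " ", body).strip().lower()
    return body, urls


def find_swapped_links(posts, min_copies=3):
    """Group reposts by link-free text and flag copies whose link differs
    from the link in the earliest copy (assumed to be the original).
    A finding is a candidate for URL expansion, not a verdict."""
    groups = defaultdict(list)
    for ts, author, text in posts:
        body, urls = split_post(text)
        if body and urls:
            groups[body].append((ts, author, urls[0]))
    findings = []
    for body, copies in groups.items():
        if len(copies) < min_copies:
            continue  # not widely reposted, so not the scenario described
        copies.sort()  # earliest timestamp first
        reference = copies[0][2]
        for ts, author, url in copies[1:]:
            if url != reference:
                findings.append({"author": author, "url": url, "expected": reference})
    return findings


if __name__ == "__main__":
    for finding in find_swapped_links(SAMPLE_POSTS):
        print(finding)
```

A legitimate repost may also use a different shortener for the same story, so flagged links still need to be expanded and compared by final destination before any conclusion is drawn.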

The following screenshot is an example where a company is using the news to advertise their stock market-related videos, but we have seen the same tactics used to lure users to infected websites as well.

It’s hard, if not impossible, to tell just by looking at a post whether it is genuine. Users may want to install browser extensions that reveal the final destination of shortened URLs. But even then it is very hard to spot the malicious links, as the destination is often a legitimate website that has been compromised and converted to host drive-by download attacks. Therefore it’s a good idea to keep your computer and software, including the browser, patched and to have security software installed, so as not to fall victim to such drive-by download attacks.

In feedback we have received from Twitter, they have informed us that this is definitely an issue that they're aware of and that they have done some preliminary work on in the form of the t.co (<http://t.co/>) shortener (currently used in DM notification emails).

Furthermore, Twitter have also informed us that they are using another tactic, the “expand” button, which can be seen next to the first link in the screenshot. This allows Twitter users to expand shortened links by clicking on this button when looking at search results, so that they can be sure where the link leads. Apparently they are still working on this concept in order to ensure that even URLs shortened by other URL shorteners are expanded correctly.

Twitter also says that they are actively working on other features that they believe will increase user safety and security.
