Crypto Scammers Abusing Twitter Cards via Redirects

Twitter has a problem with scam advertising. Rather than having humans manually check adverts for acceptability and authenticity, they let almost anyone promote anything.

Whatever meagre protections they build in are rapidly evaded by the scammers. Let's take a look at an example of a promoted crypto-scam about Singapore. I'd say it was obviously a fake, but Twitter says this story comes from CNBC...!

Take a look at the bottom of the image - the CNBC domain name is there...

Diving into the source code of the ad, we can see that the link does not go to CNBC.

In fact, it goes to a crappy WordPress rip-off site on a completely different domain.

What's going on?

Twitter has a product called Twitter Cards which lets developers embed data on their page. These data are used to display large images, videos, and other stuff on the Twitter site.

What's curious is that there are no meta-tags on that spam site to populate the Twitter Card.
So why does Twitter think the page is CNBC?

Using Twitter's Card Validator on that spam URl gives us this response:

When the spam site sees the Twitter Card Generator requesting the page, they redirect it to CNBC. Regular users are not redirected.

The Tweet was sent through the Twitter Ads Composer. Which, I guess, lets advertisers pick the image that they want to go with a link.

This is an obviously exploitable hole through which to spew disinformation.

Could this have been prevented?

The account "edayisagift" last Tweeted in 2017. It has a low follower count. I suspect it has been hijacked by spammers.

Should accounts like this be allowed to promote posts on Twitter? Is there a minimum quality threshold that should be met? Are there any ways to check adverts?

Even an automated check on common scam words, and recently reactivated accounts would help to prevent this sort of rubbish.

Perhaps they want to rely on crowdsourcing reports of bad behaviour?

The problem is, this spammy account has already been reported by reputable users - and nothing has been done about it!

This promotion is a scam. Reported to Twitter a couple of days ago, and it’s still being pushed. https://t.co/wLtM3BrarO

— Dave Kahn #FBPE (@dkahn400) February 26, 2019

Of course, crowdsourcing can also be gamed and manipulated. But this seems like such an obvious scam that I don't understand how it has been allowed to stand.

Recap

• Spammers are abusing Twitter cards to lend legitimacy to fraudulent adverts.
• Users report these scams.
• Nothing happens.
• Trust in the platform falls.

It is still going...

*sigh* this crypto spammer is still going.
Abusing Twitter redirects to advertise a fake CNBC site shilling a scam coin.

How many times does this have to be reported before it gets taken down? pic.twitter.com/knkhsjCpvF

— Terence Eden is on Mastodon (@edent) March 13, 2019