Elon Musk’s X Goes to War With Twitter.com, Creating a Phishing Nightmare

Photo: Nathan Stirk (Getty Images)
Photo: Nathan Stirk (Getty Images)
  • Oops!
    Something went wrong.
    Please try again later.

X owner Elon Musk has made it no secret that Twitter, the former name of the social media company he bought for $44 billion in 2022, is no more. He’s sold off the company’s famous blue bird memorabilia, eliminated the word “tweet” from the platform, and is now apparently trying to change all references made to Twitter.com to X.com without asking users.

The change was first reported by Mashable, which spotted posts from disgruntled and concerned users about the change on X. A few days ago, some users started noticing that X was automatically changing mentions of the Twitter.com URL to X.com on the social network’s iOS app. The change was made no matter where “Twitter” was in the URL, which means that URLs such as “NetfliTwitter.com” appeared as “Netflix.com” in posts.

However, as you might imagine, even if X automatically changed NetfliTwitter.com to Netflix.com in posts, users who clicked on the link were taken to NetfliTwitter.com—not the real Netflix home page.

While at first glance this may simply appear to be an annoying change instituted by the company, users quickly pointed out that the situation created an ideal situation for scammers. By buying up domains like NetfliTwitter.com, scammers were given a perfect opportunity to conduct phishing campaigns and steal users’ login credentials.

The X user @yuyu0127_preemptively bought the NetfliTwitter.com domain to prevent it from being used by hackers and posted the following warning:

“As of April 8, 2024, the iOS Twitter (now X) client automatically replaces the text ‘twitter.com’ in posts with ‘x.com’ as part of its functionality. Therefore, for example, a URL that appears to be ‘netflix.com’ will actually redirect to ‘netflitwitter.com’ when clicked.

Please be aware that there is a potential for this feature to be exploited in the future, by acquiring domains containing ‘twitter.com’ to lead users to malicious pages.

This domain, ‘netflitwitter.com,’ has been acquired for protective purposes to prevent its use for such malicious activities.

Mashable noted that another X user, @amasato_mochi, bought the domain “seTwitter.com,” which X was changing to “sex.com.” The user also aimed to protect the unsuspecting public from phishing attacks. The “seTwitter.com” domain currently redirects to another page with a similar warning to the one issued by @yuyu0127_.

“Please do not access suspicious URLs!” @amasato_mochi wrote. “On April 8, 2024, a dangerous feature was implemented in the iOS client for Twitter (now X) that forcibly replaces the string twitter.com in tweet contents with x.com if it is included. Consequently, there might be an increase in individuals acquiring domains that include “some string”twitter.com, and depending on the acquirers’ intentions, this could lead to malicious websites being linked.”

As of Tuesday, it appeared that X had reversed course and was no longer automatically changing “NetfliTwitter.com” to “Netflix.com” on iOS. However, Mashable noted that there were still many instances of other references of words being changed to resemble authentic websites, though it did not provide specific examples.

Gizmodo reached out to X for comment on the change on Wednesday morning but did not immediately receive a response.

For the latest news, Facebook, Twitter and Instagram.