Twitter App Cards Hijacked for Spam

It seems some folks have found a way to spoof Twitter cards for their own personal benefits.  The spam Tweet shown below that I was sent tonight looked like a standard Twitter App card for Pinterest mobile app but it’s certainly not!

The link is obviously not a for Pinterest or the App store but what makes this attempt scary is that if they picked a domain that was similar enough to Pinterest then it would potentially be very successful and far harder for users to notice.

One other reason that it failed is that this is a random account but if this tactic was done from a compromised account then it’s possible more than a few people may click the link expecting to download the Pinterest app.  It should be easy enough for Twitter to shut these type of exploit down as this time the data-user-id#106837463 was identified as invalid and the data-screen-name was when it maybe should have been something like


The First Link link goes from the Twitter shortner to a random and unique long URL.  It seems every tweet got their own unique URL so there is automation and tracking in place so you should be careful not to click these types of links for any reasons!


The Second Link shows a 302 redirect to some type of php script, typically check.php is a tool that can be used to diagnose code issues such as CAPCTHA verification images not showing so you should be concerned if something a bit more advanced is running.


What to do if you receive these types of Tweets?

You should report these types of links directly to Twitter and NEVER EVER click on the link in the Tweet as your computer can easily be infected with malware! You can report spam tweets directly to tweet here using the form in the screenshot below.

spam-linkIf you know for certain that there is something suspicious about the tweet you can also flag the media by using the link shown in the screenshot below in the hope it may reduce the chance other users see and click the tweet link.  I’ve got no idea if Twitter actually makes use of this feature for identifying spam.