Found an interesting spam/scam scheme today:
- Attacker posts their link that redirects to a legit news article
- Twitter resolves the redirect to news article
- Twitter hides link from Tweet and displays Twitter Card with news domain
- Attacker changes redirect to spam site
The Tweet now displays a legit looking Twitter Card with the news website domain, but actually goes to the scammer.