Over the past four days, some Twitter users have been noticing something strange: a flurry of tweets that appear to depict a young person removing their underwear.
They’re “promoted tweets” — essentially ads users have paid Twitter put in people’s timelines whether they’re following the advertiser or not.
Brands and celebrities use them to promote themselves. But these tweets were different. Not only did they feature unsettling images, which multiple users suggested might be child pornography, they also linked to a phishing site made to resemble YouTube.
So far this same picture has been sent from at least a dozen users’ accounts, though it no longer appears on any of their timelines. One of the senders claimed their account had been hacked.
The linked website looks eerily like Youtube but can’t be closed unless you perform a hard shut down on your computer. A software developer who reported the issue to Twitter support on Sunday claimed the linked site was attempting to install malware on his browser.
Other promoted tweets, including one depicting a beckoning woman sitting on what appears to be a toilet, have also showed up on users’ timelines and link to the same imposter YouTube site. Many of these promoted tweets were disguised as play.google.com links.
Promoted tweets, which Twitter receives money to include in timelines, have a history of including downright offensive content, including tweets supporting the murder of Arabic people, or suggesting trans people take their own lives. It seems Twitter still hasn’t found a way to stop the promoted tweets feature from being abused. Luckily there are some extensions that will keep promoted tweets from ever appearing on your timeline.
A person familiar with the platform said the URLs associated with these promoted tweets were being banned by Twitter and that the user responsible had been identified by their credit card.
If you believe you’ve been a victim of this phishing attack, report a hacked account here. Turning on two-factor authentication will help protect you.