X Ranks Third in Q1 2025 for LOTS Attacks, Suspicious t.co Link Highlights Phishing Risks

A recent tweet featuring only a t.co URL from an account identified as "ᐱ ᑎ ᑐ ᒋ ᕮ ᒍ" underscores ongoing concerns regarding the use of X's (formerly Twitter's) link shortener in potential phishing and malicious campaigns. This type of ambiguous link, devoid of descriptive text, has become a hallmark of online threats, prompting cybersecurity experts to warn users about exercising extreme caution.

X utilizes the t.co domain to shorten all links shared on its platform, a service designed to protect users from harmful activity by checking against dangerous sites and providing valuable analytics. However, this same mechanism has been exploited by malicious actors to mask the true destination of URLs, making it difficult for users to discern legitimate content from phishing attempts or malware.

According to a Q1 2025 report by Sublime Security, X was identified as the third-most abused platform for Living Off Trusted Sites (LOTS) attacks. These attacks frequently leverage t.co links to disguise credential phishing payloads and other malicious content, as revealed by the cybersecurity firm. The platform's widespread use and the automatic shortening of all links create a fertile ground for such deceptive practices.

Users are advised to remain vigilant when encountering t.co links, especially those from unfamiliar or suspicious accounts, or those lacking context. Cyber security experts recommend hovering over shortened links to reveal the full URL if possible, or using online tools to expand them safely before clicking. X continues to implement measures to combat abuse, but user awareness remains a critical defense against these evolving threats.