bleepingcomputer[.]com/news/security/heres-why-twitter-sends-you-to-a-different-site-than-what-you-clicked/
In a nutshell, Do Not click any link in a Twitter post or ad that leads to an external web site, because you don't know where you'll wind up. What Bleeping Computer calls *Threat Actors* have been exploiting this for quite some time.
This is how X can be fooled into showing a website name in a post (or worse, an ad) which is completely different from where users would be arriving.The flaw is especially problematic on X mobile apps as, unlike in a Desktop web browser where one could easily hover over the link to see where it's taking them, that functionality (i.e. a status bar) is completely absent on mobile.
That means users will only see "forbes.com" on the app and, after tapping the preview, immediately arrive at the Telegram account in question.
The slick trick can be abused by all kinds of adversaries, from crypto scammers to those pushing malware, trojanized app installs, phishing, and spam services to prey on unsuspecting users.