As noted by security researcher Will Dormann, some posts on X purport to lead to a legitimate website, but actually redirect somewhere else. In Dormann’s example, an advertisement posted by a verified X user claims to lead to forbes.com. When Dormann clicks the link, however, it takes him to a different link to open a Telegram channel that is, “helping individuals earn maximum profit in the crypto market,” he said. In short, the “Forbes” link leads to crypto spam
Sounds like an issue with pretty much all URL shortening/redirection services on any service.
Even if the link was legit when they posted it and always went to forbes (not that forbes is much more than blogspam these days), it might not be legit when you go to click on it.
It’s all just 3rd party tracking bullshit anyway. The modern internet is horseshit.