In the digital era, Online Social Networks~(OSNs) play a crucial role in disseminating information, with sharing cards for link previews serving as a key feature. These cards provide snapshots of shared content, including titles, descriptions, and images. However, the security implications of these cards remain largely overlooked. This paper introduces the \textit{Mirage Card Attack}, a novel class of attacks that exploits vulnerabilities in sharing card mechanisms across major OSNs. We identify two primary attack vectors: \textit{Proxy-Based Redirection} and \textit{User-Agent-Based Cloaking}. These attacks leverage design flaws in Share-SDK implementations and HTML meta tag usage, allowing attackers to bypass existing security measures and present deceptive content to users. Our systematic analysis reveals critical vulnerabilities in current sharing card systems. We demonstrate the feasibility of these attacks through comprehensive evaluations across 8 major OSNs for \textit{User-Agent-Based Cloaking} and 6 OSNs for \textit{Proxy-Based Redirection}. Additionally, we analyze 8 widely used card generation tools, uncovering significant security gaps. Our experiments show that some forged cards persist for over 15 days, highlighting the inadequacy of existing detection methods. To evaluate the practical impact of Mirage Card Attacks, we conduct a user study to assess their ability to deceive users. The results indicate that only 18% of the participants successfully identify forged cards, demonstrating the high effectiveness of the attack. Furthermore, exposure to forged cards significantly erodes user trust in OSNs, with 38% of participants reporting a reduced likelihood of engaging with shared content in the future. This work exposes the high feasibility and potentially severe consequences of Mirage Card Attacks while providing crucial insights for enhancing OSN security.