Once again Twitter users are finding themselves hit by a fast-infecting attack, more commonly encountered by their Facebook-using cousins: a rogue application spreading virally across the network.
Thousands of Twitter users have fallen into the trap of allowing rogue third-party applications to access their Twitter accounts, believing that the applications would tell them how many people have unfollowed them.

A typical message reads:
58 people have unfollowed me, find out how many have unfollowed you: [LINK] #rw2011 #duringsexplease #youneedanasswhoopin
See the hashtags? They appear to be currently trending phrases on Twitter – presumably the rogue applications are using them in the messages they spam out in an attempt to trick more users into clicking on the links.
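As an added example (not part of the original article), the lure above can be spotted in a stream of tweets by masking the parts that vary between victims (the count, the link and the borrowed trending hashtags) and counting how many distinct accounts post the same remaining wording. The account names, URLs, extra hashtags and the threshold below are constructed for illustration.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+|\[LINK\]", re.I)
TAG_RE = re.compile(r"#\w+")
NUM_RE = re.compile(r"\d+")

def template(text):
    """Reduce a tweet to its fixed wording: mask links, drop hashtags, mask numbers."""
    text = URL_RE.sub("<url>", text)   # links first, so digits and '#' inside URLs vanish
    text = TAG_RE.sub("", text)        # hashtags rotate with whatever is trending
    text = NUM_RE.sub("<n>", text)     # the "unfollowed" count differs per message
    return " ".join(text.lower().split())

def find_campaigns(tweets, min_accounts=3):
    """Map each link-bearing template to the accounts posting it, keeping only
    templates seen from at least min_accounts distinct accounts."""
    accounts = defaultdict(set)
    for user, text in tweets:
        t = template(text)
        if "<url>" in t:               # a viral app lure always carries a link
            accounts[t].add(user)
    return {t: sorted(u) for t, u in accounts.items() if len(u) >= min_accounts}

# Constructed sample stream: three compromised accounts and two ordinary tweets.
SAMPLE = [
    ("alice", "58 people have unfollowed me, find out how many have unfollowed you: "
              "http://example.test/a1 #rw2011 #trendone"),
    ("bob",   "12 people have unfollowed me, find out how many have unfollowed you: "
              "http://example.test/b2 #trendtwo"),
    ("carol", "203 people have unfollowed me, find out how many have unfollowed you: "
              "[LINK] #rw2011"),
    ("dave",  "Reading about third-party app permissions http://example.test/post #security"),
    ("erin",  "Lunch was great, 10 out of 10"),
]

if __name__ == "__main__":
    for wording, users in find_campaigns(SAMPLE).items():
        print(f"{len(users)} accounts posted: {wording!r} -> {users}")
```

Grouping by masked wording rather than by link or hashtag keeps the match stable when the scammers rotate URLs and trending tags.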
If you do click on the link you are asked to give authorisation for a third-party application to access your Twitter account.

Don’t, whatever you do, press the “Allow” button. If you do, then a third party is now capable of tweeting messages in your name to all of your Twitter followers – which spreads the scam virally across Twitter and may result in one of your online friends also having their account compromised.
So, how do the scammers make money? That’s the next piece of the jigsaw.
You’re anxious to find out who has unfollowed you on Twitter. The scammers take advantage of that by presenting a webpage which looks as if it’s about to reveal that information – but is actually designed to make you take an online survey instead.

The scammers make money for each survey that is completed.
If you were unfortunate enough to grant one of these rogue applications access to your Twitter account, revoke its rights immediately: go to the Twitter website, visit Settings/Connections, and revoke the offending app’s rights.

(Note that the scammers are using a variety of different applications – so you may see a different name from the one I picture above).
Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.
If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.
Posted on 19 April 2011. Tags: Application, Featured, networks, rogue, Scam, Social, Spam, Survey, Twitter
The above information is reprinted from and copyrighted © by Naked Security - Sophos.