Twitter’s latest twist in the “Profile Views” scam

This blog post is still in the works – replace graphics…

[Screenshot: profile views]

The latest Twitter “visit my profile for the website!” scam is following hot on the heels of a recent Facebook profile viewer scam that was reported by Sophos last Tuesday. The current Twitter scam builds on prior profile view scams but now includes an interesting twist. Instead of placing a link directly in the tweet, the scammer now points you to their profile. Using shortened URL services, the scammer profile includes a Bit.ly link that redirects to TinyURL.com, with the final HTTP redirect to a co.cc domain that requests an OAuth token to authorize S,E,E |||| W.H.O version 1.4, a malicious Twitter app.
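The redirect chain above (shortener to shortener to a co.cc page that hands off to a Twitter OAuth authorization request) is exactly what a defender wants to expand hop by hop without ever rendering the landing page. The following script is an added example, not code from the original post: it follows redirects one hop at a time and summarises whether the chain stacks shorteners and ends at an OAuth authorize endpoint. The hostnames in `FAKE_RESPONSES` are constructed placeholders standing in for the scam's real links, and `fake_fetch` replaces live HTTP so the demo runs offline; `http_fetch` is the live equivalent.

```python
from urllib.parse import urlparse, urljoin, parse_qs

# Constructed stand-in for the hop-by-hop HTTP responses of the chain the
# post describes (Bit.ly -> TinyURL -> co.cc -> OAuth token request).
# Every hostname and token here is a placeholder, not the scam's real URL.
FAKE_RESPONSES = {
    "http://bit.ly/EXAMPLE1": (301, {"Location": "http://tinyurl.com/EXAMPLE2"}),
    "http://tinyurl.com/EXAMPLE2": (301, {"Location": "http://viewers.example.co.cc/panel"}),
    "http://viewers.example.co.cc/panel": (
        302, {"Location": "https://api.twitter.com/oauth/authorize?oauth_token=PLACEHOLDER"}),
    "https://api.twitter.com/oauth/authorize?oauth_token=PLACEHOLDER": (200, {}),
}

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def fake_fetch(url):
    """Offline fetcher: returns (status, headers) from the constructed table."""
    return FAKE_RESPONSES.get(url, (404, {}))


def http_fetch(url, timeout=5):
    """Live fetcher for real use: one HEAD request, no automatic redirect following."""
    import http.client
    p = urlparse(url)
    conn_cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(p.hostname, p.port, timeout=timeout)
    path = (p.path or "/") + ("?" + p.query if p.query else "")
    conn.request("HEAD", path, headers={"User-Agent": "link-chain-checker"})
    resp = conn.getresponse()
    headers = {k.title(): v for k, v in resp.getheaders()}  # normalise header case
    conn.close()
    return resp.status, headers


def resolve_chain(url, fetch=fake_fetch, max_hops=10):
    """Follow HTTP redirects one hop at a time and return every URL visited.
    Stops on a non-redirect, a missing Location header, a loop, or max_hops."""
    hops = [url]
    for _ in range(max_hops):
        status, headers = fetch(url)
        if status not in REDIRECT_STATUSES or "Location" not in headers:
            break
        url = urljoin(url, headers["Location"])  # Location may be relative
        if url in hops:  # redirect loop
            break
        hops.append(url)
    return hops


def classify_chain(hops):
    """Summarise what matters to a defender: shortener stacking, final host,
    and whether the chain ends at an OAuth authorization page asking for a token."""
    hosts = [urlparse(h).hostname or "" for h in hops]
    final = urlparse(hops[-1])
    shortener_hops = sum(1 for h in hosts if h in SHORTENERS)
    ends_in_oauth = final.path.startswith("/oauth/authorize") or final.path.startswith("/oauth/authenticate")
    return {
        "hops": len(hops) - 1,
        "shortener_hops": shortener_hops,
        "final_host": final.hostname,
        "ends_in_oauth_authorize": ends_in_oauth,
        "requests_oauth_token": "oauth_token" in parse_qs(final.query),
        # Two or more chained shorteners feeding an app-authorization page is the
        # pattern described in the post; flag it for a human to look at.
        "suspicious": ends_in_oauth and shortener_hops >= 2,
    }


if __name__ == "__main__":
    chain = resolve_chain("http://bit.ly/EXAMPLE1")
    print(" -> ".join(chain))
    print(classify_chain(chain))
```

To check a real link, call `resolve_chain(url, fetch=http_fetch)`; the HEAD-only fetcher never downloads or executes page content, so expanding a chain is safe to do before deciding whether to click.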

Once you authorize this malicious app, you will be logged into the viewers area at co.cc. Next, you have to complete a short survey in order to unlock the page. You have a choice of five surveys to complete. Each survey leads to unsavory websites that include phishing.

[Screenshot: almost-done]

The information that most of these surveys request includes:

  • Full name
  • Complete address
  • Date of Birth
  • Phone number
  • Email address
  • Income
  • Education
  • Credit card information

Many of these scam surveys also want you to provide the last 4 digits of your social security number for age verification. I had a grand chuckle over yesterday’s verification popup because it keeps them from confusing me with another consumer…

[Screenshot: social security number]

Within a few hours of authorizing this app, you will note activity on your Twitter account. The tweets include a TinyURL link that changes every 7-10 minutes until Twitter’s spam trap catches it.
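A compromised account posting a fresh short link every few minutes is a usable signal for anyone monitoring a timeline. The script below is an added example, not code from the original post: it runs a simple rotation heuristic over a constructed set of tweets (the accounts, timestamps and TinyURL paths are made up for the demo) and flags an account when several distinct shortener links appear inside one time window. The 30-minute window and threshold of three distinct links are assumptions chosen to match the 7-10 minute rotation described above.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample timeline (not real tweets): one account hijacked by the
# rogue app, emitting a new TinyURL every ~8-9 minutes, plus a benign account
# that reuses the same short link for its own blog post.
SAMPLE_TWEETS = [
    ("2011-03-01T10:00:00", "victim_a", "OMG see who viewed your profile http://tinyurl.com/aaa111"),
    ("2011-03-01T10:08:00", "victim_a", "see who viewed your profile http://tinyurl.com/bbb222"),
    ("2011-03-01T10:17:00", "victim_a", "who stalks you? http://tinyurl.com/ccc333"),
    ("2011-03-01T10:26:00", "victim_a", "profile viewers!! http://tinyurl.com/ddd444"),
    ("2011-03-01T10:00:00", "normal_b", "New blog post http://tinyurl.com/mypost"),
    ("2011-03-01T14:00:00", "normal_b", "Lunch was great"),
    ("2011-03-02T09:00:00", "normal_b", "Another post http://tinyurl.com/mypost"),
]

SHORTENERS = {"tinyurl.com", "bit.ly", "t.co", "is.gd", "ow.ly"}
URL_RE = re.compile(r"https?://\S+")


def shortener_links(text):
    """Return the URLs in a tweet whose host is a known URL shortener."""
    return [u for u in URL_RE.findall(text) if urlparse(u).hostname in SHORTENERS]


def flag_rotating_links(tweets, window=timedelta(minutes=30), min_distinct=3):
    """Per account, look at its shortener-bearing tweets in time order and flag
    it when at least `min_distinct` different short links fall within `window`.
    Returns {account: reason} for every flagged account."""
    by_user = {}
    for ts, user, text in tweets:
        for link in shortener_links(text):
            by_user.setdefault(user, []).append((datetime.fromisoformat(ts), link))

    flagged = {}
    for user, events in by_user.items():
        events.sort()  # chronological
        for i, (t0, _) in enumerate(events):
            distinct = {link for t, link in events[i:] if t - t0 <= window}
            if len(distinct) >= min_distinct:
                flagged[user] = f"{len(distinct)} distinct short links within {window}"
                break
    return flagged


if __name__ == "__main__":
    for user, reason in flag_rotating_links(SAMPLE_TWEETS).items():
        print(f"{user}: {reason}")
```

The benign account is not flagged because repeating the same short link is normal behaviour; only a stream of new shortener links in quick succession, the pattern the rogue app produces, trips the rule.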

[Screenshot: tiny]

The art of social spamming

It is not surprising to find Jason Swan, CTO of CPALead, LLC, sitting at the helm. Last year Facebook filed a lawsuit against him:

In three separate complaints, we allege that Steven Richter, Jason Swan, and Max Bounty, Inc. used Facebook to offer enticing, but non-existent products and services.  According to our complaints, the defendants, among other things, represented that in order to qualify for certain fake or deceptive offers, people had to spam their friends, sign up for automatic mobile phone subscription services, or provide other information. –Facebook

[Screenshot: cp-spam]

Social spam is interactive and Blackhat affiliate marketers are very aware of this fact. Often they use CPA (Cost Per Action affiliate marketing) techniques to lure potential victims into clicking on offers that are obviously too good to be true to most of us. Unfortunately, they manage to entice plenty of gullible believers into pursuing these fraudulent iPad or $1,000.00 gift certificate scams…

Let the spam begin

After running two test accounts with this malicious app – Twitter filtering was able to intervene within the space of an hour:

[Screenshot: Twitter action]

The test email accounts were not so lucky. Email spam from domains like Smart-buyertoday was the first to hit my inbox, inviting me to click for more enticing offers. By tomorrow I should have an inbox full of bogus offers and these test email addresses will become part of the spammers’ database of online-idiots-who-can-be-easily-seduced.

Unlocking the screen at co.cc

Once the co.cc viewers panel is unlocked, the follow button leads directly to Unfriend Finder at userscripts.org. Unfriend Finder is a script that assists you in finding out who defriended you on Facebook. Ironically, there is also an Unfriend-Finder (SyncMyFriends) Facebook application (most likely another rogue app) that does not appear to be connected to userscripts.org or the UnfriendFinder Official Site.

[Screenshot: Facebook script]

No app can tell you who viewed your profile

This Darkhat affiliate scam has been around the block for a few years now. Though Twitter is proactive in shutting down fake profile tweetstream links, they still need to address tweets that direct people to bogus profile redirect links.

People who are new to the Twitter platform could easily get caught up in clicking on a fake profile link. On the other side of the coin, there are those who are simply too gullible to have an account on any social networking site. You know the type: they click on every link that appears on their screen and they install every app that they run across. In the good old days we would have told them to unplug their computer, pack it up and ship it back to the vendor…

Do you have any thoughts on ways to address rogue apps on Twitter?