The past two weeks I’ve noted an uptick in Twitter followers sending me strange DMs. When I contacted them about these strange DMs, they stated that their account had been compromised. Some valid (compromised) accounts have since been deleted by Twitter and the URLs included in the DMs appear docile at this time. [Pataloca DOT com | 184.108.40.206]
The original DM URL linked back to a tweet from an account that did not follow me. Par for the course, the third-party account generally had zero followers and did not follow any other Twitter accounts.
Then you will be whisked off to one of three separate scam campaigns:
- hxxp://finance-reports.com-tz18.net/business/2014/ [220.127.116.11 | Germany] Work at home scam
- hxxp://everyday.com-po1.net/diet/tips/ [18.104.22.168 | Finland] Platinum Garcinia Cambogia™ | Lose Weight
- hxxp://beauty.com-hx50.net/health/skincare-secret/ [22.214.171.124 | Germany] PhytoCeramide | Skin care
It’s All About Internet Fraud
Work-At-Home scams have been around for well over a decade now. These scammers prey on the retired, the elderly, the unemployed, the disabled, people in the low-income bracket, stay-at-home moms (and dads), and under-educated and gullible personality types. The beauty and diet scams mainly cater to women and always feature a prominent television personality such as Dr. Oz. At the end of it all, they giddy up and pocket your money – you get to keep your wrinkles and your fat.
Twitter Account Compromised?
You probably have malware on your computer, or you may have clicked on a malicious link in your email or while browsing the web. Though Twitter has provided a great filtering service that can check DM links, the scammers already know this and have created workarounds (such as the redirect script listed above).
Scan your computer with antivirus software and an anti-malware suite. Change the password on your Twitter account (to a complex one) and also be sure to check the apps in your settings and revoke access to any apps that you did not authorize.
Scam Sites Are Cloned
Most of them have plenty of eye candy to keep you happy with popular brand logos (USA Today, ABC, CNN, Fox News) and fake news clips. You will read fictional success stories and testimonials. Many of these one-page clones will also include your geographical location (so it feels inviting, just like home). If there is a comment section included, you will not find a single negative comment about this fabulous opportunity or miracle product.
The dead giveaway on most of these cloned sites is the top menu. All the links go to the same landing page (how to make money and a short form to check for availability). Since they already have your geo-location (if you browsed in the raw), they generally request your first name, phone number, and primary email address. If you attempt to leave the page, they provide aggravating pop-up warnings.
They almost always create a false sense of urgency by telling you that you have to purchase their kit or product today or they might only have two spots left in your zone.
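The top-menu giveaway described above can be checked mechanically. The following is an added example, not code from the original post: it assumes the menu is marked up in a `<nav>` element, uses a hypothetical threshold of three links, and runs on constructed sample pages.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class NavLinkParser(HTMLParser):
    """Collect href values of <a> tags that sit inside a <nav> element."""

    def __init__(self):
        super().__init__()
        self.depth = 0   # how many <nav> elements are currently open
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "nav":
            self.depth += 1
        elif tag == "a" and self.depth:
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "nav" and self.depth:
            self.depth -= 1


def menu_targets(html, page_url):
    """Return the normalized destination of every top-menu link, in order."""
    parser = NavLinkParser()
    parser.feed(html)
    targets = []
    for href in parser.hrefs:
        parts = urlsplit(urljoin(page_url, href))
        # Drop query and fragment so per-link parameters do not hide the reuse.
        targets.append((parts.netloc.lower(), parts.path.rstrip("/") or "/"))
    return targets


def looks_cloned(html, page_url, min_links=3):
    """True when a menu with several entries resolves to a single page."""
    targets = menu_targets(html, page_url)
    return len(targets) >= min_links and len(set(targets)) == 1


# Constructed sample pages on a reserved test domain (not the sites in the post).
PAGE = "http://news.example.test/business/2014/"
CLONE = ('<nav><a href="/apply?src=home">Home</a><a href="/apply/?src=biz">Business</a>'
         '<a href="http://news.example.test/apply#top">Tech</a><a href="/apply">Money</a></nav>')
LEGIT = ('<nav><a href="/">Home</a><a href="/business">Business</a>'
         '<a href="/tech">Tech</a><a href="/money">Money</a></nav>')
```

`looks_cloned(CLONE, PAGE)` flags the first sample because its four menu entries collapse to one path once query strings, fragments and trailing slashes are ignored; the second sample keeps four distinct destinations and is not flagged.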
It Is All About Profit
Though there are differing layers of operation in the cyber-criminal economy, there is a growing group of bad boys who get paid to infect computers.
It all starts with affiliate marketing programs run by malware developers who pay anyone who is willing to infect or “install” their malware to a large number of computers. According to Kaspersky’s Securelist site, malware developers may pay affiliates $250 or more per 1000 PCs that their malware is installed on. Each affiliate gets an ID number that is embedded in the installed software. The affiliate ID number makes sure the bad guy that installed the malware on the victims’ computers gets credit for the installs so that the malware developer can keep track of how much money to pay them.
It can be extremely lucrative for the criminals running the affiliate marketing program as well as the people who are willing to install their malware to thousands of computers. —About.com | The Shadowy World of Malware Affiliate Marketing
To simplify: Never click on a third-party profile tweet link (received in a DM), and be sure to use Twitter Two-Step Verification to safeguard your mobile app.