Twitter’s latest twist in the “Profile Views” scam

March 31, 2012 By teksquisite

This blog post is still in the works – replace graphics…

[Image: profile views]


The latest Twitter “visit my profile for the website!” scam is following hot on the heels of a recent Facebook profile viewer scam that was reported by Sophos last Tuesday. The current Twitter scam builds on prior profile view scams but now includes an interesting twist. Instead of placing a link directly in the tweet, the scammer now points you to their profile. Using shortened URL services, the scammer's profile includes a Bit.ly link that redirects to TinyURL.com, with a final HTTP redirect to a co.cc domain that requests an OAuth token to authorize S,E,E |||| W.H.O version 1.4, a malicious Twitter app.
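The redirect chain described above (Bit.ly to TinyURL to a co.cc page to an OAuth prompt) is exactly what a defender wants to see before anyone clicks through. The following script is an added example, not code from this post or from any of the services it names: it resolves a shortener chain one hop at a time with HEAD requests, refuses to auto-follow, and reports where the link actually lands. The `SAMPLE_HOPS` table, the `EXAMPLE` short codes and the `viewers.example.co.cc` host are constructed for the offline demo; `live_fetch` is the network-backed variant.

```python
"""Expand a URL-shortener redirect chain hop by hop, without a browser.

Added example, not code from the blog post. The scam above hides its landing
page behind Bit.ly -> TinyURL -> co.cc -> an OAuth authorization prompt.
Resolving each hop with a HEAD request and refusing to auto-follow lets a
defender see where a link really ends before anyone clicks "Authorize".
The sample chain below is constructed.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}
# Free-subdomain provider used by the scam in the post; assumption for this example.
FREE_SUBDOMAIN_SUFFIXES = (".co.cc",)
# Twitter's OAuth 1.0a authorization paths (the page the scam finally lands on).
OAUTH_PATH_MARKERS = ("/oauth/authorize", "/oauth/authenticate")


class _NoFollow(urllib.request.HTTPRedirectHandler):
    """Make urllib hand back the 3xx instead of silently following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # base handler stops here; urllib then raises HTTPError


def live_fetch(url, timeout=10):
    """One hop over the network: return (status, Location header or None).

    HEAD only, so no page body is downloaded. Needs network access; the
    offline demo below uses sample_fetch instead."""
    opener = urllib.request.build_opener(_NoFollow)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "redirect-audit/0.1"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx surfaces here because of _NoFollow
        return err.code, err.headers.get("Location")


def expand_chain(start_url, fetch=live_fetch, max_hops=10):
    """Return the URLs visited, first to last, stopping on a non-redirect,
    a loop, or max_hops. `fetch(url)` must return (status, location_or_None)."""
    chain = [start_url]
    url = start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            break
        url = urljoin(url, location)  # Location may be relative
        if url in chain:  # redirect loop
            break
        chain.append(url)
    return chain


def assess(chain):
    """Human-readable findings about a resolved chain."""
    findings = []
    for hop, url in enumerate(chain):
        host = (urlparse(url).hostname or "").lower()
        if host.endswith(FREE_SUBDOMAIN_SUFFIXES):
            findings.append(f"hop {hop}: {host} is on a free subdomain provider")
    final = urlparse(chain[-1])
    if any(marker in final.path for marker in OAUTH_PATH_MARKERS):
        findings.append("chain ends at an OAuth authorization prompt: an app is asking for account access")
    if len(chain) > 2:
        findings.append(f"{len(chain) - 1} redirects before the landing page")
    return findings


# Constructed chain mirroring the post's description; the short codes are not real.
SAMPLE_HOPS = {
    "http://bit.ly/EXAMPLE1": (301, "http://tinyurl.com/EXAMPLE2"),
    "http://tinyurl.com/EXAMPLE2": (301, "http://viewers.example.co.cc/"),
    "http://viewers.example.co.cc/": (302, "/login"),
    "http://viewers.example.co.cc/login": (302, "https://api.twitter.com/oauth/authorize?oauth_token=EXAMPLE"),
}


def sample_fetch(url):
    """Offline stand-in for live_fetch backed by SAMPLE_HOPS."""
    return SAMPLE_HOPS.get(url, (200, None))


if __name__ == "__main__":
    resolved = expand_chain("http://bit.ly/EXAMPLE1", fetch=sample_fetch)
    print(" -> ".join(resolved))
    for line in assess(resolved):
        print("!", line)
```

The point of the `_NoFollow` handler is that a shortener chain is only visible if each 3xx is returned rather than consumed; with the default opener you would only ever see the final page. Relative `Location` headers and redirect loops are the two cases that commonly break naive expanders, so both are handled.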


Once you authorize this malicious app, you will be logged into the viewers area at co.cc. Next, you have to complete a short survey in order to unlock the page. You have a choice of five surveys to complete. Each survey leads to unsavory websites that include phishing.

[Image: almost-done]

The information that most of these surveys request includes:

  • Full name
  • Complete address
  • Date of Birth
  • Phone number
  • Email address
  • Income
  • Education
  • Credit card information


Many of these scam surveys also want you to provide the last 4 digits of your social security number for age verification. I had a grand chuckle over yesterday's verification popup because it keeps them from confusing me with another consumer…

[Image: social security number]

Within a few hours of authorizing this app, you will note activity on your Twitter account. The tweets include a TinyURL link that changes every 7-10 minutes until Twitter's spam trap catches it.
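That rotating-link behaviour is a detectable pattern in an account's own timeline: a legitimate user who plugs one article three times posts the same link, whereas a hijacked account posts a new shortener link every few minutes. The script below is an added example, not the post's code, and flags the first window in which several distinct shortener links appear. The `HIJACKED` and `BENIGN` timelines, their timestamps and short codes are constructed; the list of shortener hosts is an assumption you would tune to your own data.

```python
"""Spot a timeline that is emitting a fresh shortener link every few minutes.

Added example, not code from the blog post. The post reports that a hijacked
account tweets a TinyURL link that changes every 7-10 minutes until Twitter's
spam trap catches it. Given (timestamp, text) pairs, this flags the first
window in which several *different* shortener links were posted; the same
link repeated is not rotation. The sample timelines are constructed.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumed list of shortener hosts; extend for your environment.
SHORTENER_HOSTS = {"tinyurl.com", "bit.ly", "t.co", "goo.gl", "is.gd"}
URL_RE = re.compile(r"https?://\S+")


def shortener_links(text):
    """Return the shortener URLs appearing in one tweet."""
    return [u for u in URL_RE.findall(text)
            if (urlparse(u).hostname or "").lower() in SHORTENER_HOSTS]


def first_rotation_window(tweets, window=timedelta(minutes=30), min_distinct=3):
    """Sliding window over link-posting events, in time order.

    Returns (window_start, window_end, sorted distinct links) for the first
    window holding at least `min_distinct` different shortener links, else None."""
    events = sorted((ts, u) for ts, text in tweets for u in shortener_links(text))
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1  # drop events that fell out of the window
        distinct = {u for _, u in events[start:end + 1]}
        if len(distinct) >= min_distinct:
            return events[start][0], events[end][0], sorted(distinct)
    return None


# Constructed: what a hijacked account's stream looks like per the post.
HIJACKED = [
    (datetime(2012, 3, 30, 10, 0), "see who viewed your profile http://tinyurl.com/aaaa11"),
    (datetime(2012, 3, 30, 10, 8), "see who viewed your profile http://tinyurl.com/bbbb22"),
    (datetime(2012, 3, 30, 10, 17), "see who viewed your profile http://tinyurl.com/cccc33"),
    (datetime(2012, 3, 30, 10, 25), "see who viewed your profile http://tinyurl.com/dddd44"),
    (datetime(2012, 3, 30, 12, 0), "back to normal tweeting, no link"),
]

# Constructed: a legitimate user sharing one article three times is not rotation.
BENIGN = [
    (datetime(2012, 3, 30, 10, 0), "great read http://bit.ly/SAMELINK"),
    (datetime(2012, 3, 30, 10, 5), "again, great read http://bit.ly/SAMELINK"),
    (datetime(2012, 3, 30, 10, 10), "last plug http://bit.ly/SAMELINK"),
]

if __name__ == "__main__":
    print("hijacked:", first_rotation_window(HIJACKED))
    print("benign:", first_rotation_window(BENIGN))
```

Counting distinct links rather than link-bearing tweets is what keeps the benign repeat-share case quiet; the window and threshold are the two knobs to tune against your own baseline.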

[Image: tiny]

The art of social spamming


It is not surprising to find Jason Swan, CTO of CPALead, LLC, sitting at the helm. Last year Facebook filed a lawsuit against him:

In three separate complaints, we allege that Steven Richter, Jason Swan, and Max Bounty, Inc. used Facebook to offer enticing, but non-existent products and services. According to our complaints, the defendants, among other things, represented that in order to qualify for certain fake or deceptive offers, people had to spam their friends, sign up for automatic mobile phone subscription services, or provide other information. – Facebook

[Image: cp-spam]


Social spam is interactive and Blackhat affiliate marketers are very aware of this fact. Often they use CPA (Cost Per Action) affiliate marketing techniques to lure potential victims into clicking on offers that are obviously too good to be true to most of us. Unfortunately, they manage to entice plenty of gullible believers into pursuing these fraudulent iPad or $1,000.00 gift certificate scams…

Let the spam begin

After running two test accounts with this malicious app, Twitter's filtering was able to intervene within the space of an hour:

[Image: Twitter action]


The test email accounts were not so lucky. Email spam from domains like Smart-buyertoday was the first to hit my inbox, inviting me to click for more enticing offers. By tomorrow I should have an inbox full of bogus offers, and these test email addresses will become part of the spammers' database of online-idiots-who-can-be-easily-seduced.

Unlocking the screen at co.cc


Once the co.cc viewers panel is unlocked, the follow button leads directly to Unfriend Finder at userscripts.org. Unfriend Finder is a script that helps you find out who defriended you on Facebook. Ironically, there is also an Unfriend-Finder (SyncMyFriends) Facebook application (most likely another rogue app) that does not appear to be connected to userscripts.org or the UnfriendFinder Official Site.

[Image: Facebook script]

No app can tell you who viewed your profile


This Darkhat affiliate scam has been around the block for a few years now. Though Twitter is proactive in shutting down fake profile tweetstream links, it still needs to address tweets that direct people to bogus profile redirect links.


People who are new to the Twitter platform could easily get caught up in clicking on a fake profile link. On the other side of the coin, there are those who are simply too gullible to have an account on any social networking site. You know the type: they click on every link that appears on their screen and they install every app that they run across. In the good old days we would have told them to unplug their computer, pack it up and ship it back to the vendor…

Do you have any thoughts on ways to address rogue apps on Twitter?
