Recently in Twitter Category


Lots of companies now use Twitter as a form of customer support / PR, but in the wake of the latest Twitter Phish run involving, er, colon cleansing...the account for BTCare (British Telecom) seems to have fallen victim to the same scam.

What particularly alarms me here is that no sooner than the BT account has been notified and cleaned up, it's back to what they normally do which involves - wait for it - resolving customer support issues by sending (and asking for) information related to customer accounts via Direct Message!

Wait, your account was apparently compromised not so long ago and now you're back to asking for account details via Direct Messages on Twitter?

No, no, no. Although the above message is probably legit, I really don't think firing information related to telephone accounts should be done via a third party system such as Twitter, especially when you've just been phished - not exactly a Ben Stiller circle of trust going on here, is it?

Frankly, they're lucky the account hijacker was only interested in sending out colon cleansing messages - I'd hate to think what kind of information could have been sitting in their Direct Message tray...

Worth noting that people are still reporting Direct Messages of a "do not click" variety coming through on Twitter, all of which lead to Very Bad Things (TM) depending on what nefarious campaign happens to be doing the rounds at any given time.

Should anybody send you a DM that mentions humorous things taking place in videos - like this one, for example:

...you should avoid it like the plague. Otherwise, you're in for some phishing fun which is surely a contradiction in terms.

Remember these guys?

Well, they're back on Twitter, and they've ditched random pictures of people's faces - instead, they now use cute little bird graphics, presumably to make you think they're somehow official or related to Twitter itself. Examples...





There's a lot of these profiles around at the moment - ignore / block the lot of them and hope Twitter gets a grip on this fresh wave of spammers...

Update: According to comments left on the blog, the images are the new default "auto image" for profiles that don't have a picture. However, the same rule applies: Anyone promoting "Google hiring" messages should be blocked / reported. I've also replied to criticism of this entry here.

Spambot Fail



Hat-tip to Kevin Church for spotting the Bot!
There's an awful lot of people waking up today to find this view greeting them in their Twitter followers list:


Clicking into any of the profiles reveals them to be entirely blank - there are no Twitter messages posted on any of them. There is some text poking out from the profile picture, however:


Click into the profile image and you'll see this...


Pasting text messages promoting IM webcam bots in the profile image (instead of lots of fake Twitter messages posted all over the place) seems to be the latest way to try and avoid the "obvious spammer banhammer".

I don't think it's going to work...

Fake Retweets aren't particularly new, but you might not have seen them before. In a nutshell, there is nothing stopping you on Twitter from placing "RT" at the start of a message then putting in whatever user you feel like after it. For example, if someone wanted to make it look like I was on a drunken insult rampage:


Of course, I never said that - and for a follower of mine to see this message, they'd have to be actively looking for "@paperghost" messages in the search feature so the chances of being horribly offended are slight. However, we can step it up a notch (with the permission of Rik Ferguson who agreed to let me use him for this next bout of fakery):


...whoops. If I'm not someone who bothers to check the authenticity of a Twitter message, then I'm now chasing Rik Ferguson with a baseball bat under the misguided notion that he's smacktalking my mother (actually, he's taller than me so I'll probably just settle for pulling angry faces at the screen).

With that in mind, I saw this pop up in my Twitter feed earlier today:

As you probably guessed, I didn't say that. Neither did any of these people:


What's the idea? Well, take a look at the links in the above screenshot. The profile is designed to lure Twitter users in with fake retweets (either the person being "retweeted" themselves, or users who follow mentions of that individual and are curious what they're supposedly talking about) and then hope they click one of the many spam / promotion links.

The fake retweets are quite crude, but with a little tweaking they could perhaps make the fake retweets more controversial or include a URL link with the fake message which would probably increase the clickthrough rate.

Remember - if something looks a little odd about a message sent out on Twitter from a contact, check with them that it's the real deal first...
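
A recipient-side check for the text-convention retweets described above, as an added example that is not part of the original entry: it parses an "RT @user" message and reports whether the quoted text matches anything the named account is known to have posted. The `timelines` input, the `example_user` account and the sample messages are constructed assumptions.

```python
import re
import unicodedata

# Text-convention retweet: "RT @user: text" (colon optional). Nothing in the
# message itself proves that @user ever posted the quoted text.
RT_PATTERN = re.compile(r"^\s*RT\s+@(\w{1,15}):?\s+(.+)$", re.IGNORECASE | re.DOTALL)

def normalize(text):
    """Fold Unicode form, case and whitespace so cosmetic edits don't matter."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())

def parse_manual_rt(message):
    """Return (claimed_author, quoted_text), or None if not an RT-style message."""
    m = RT_PATTERN.match(message)
    return (m.group(1).lower(), m.group(2).strip()) if m else None

def check_retweet(message, timelines, min_prefix=20):
    """Classify a message as 'not_rt', 'verified' or 'unverified'.

    timelines maps a lowercase username to posts known to come from that
    account (assumed input, e.g. collected from the author's own profile).
    """
    parsed = parse_manual_rt(message)
    if parsed is None:
        return "not_rt"
    author, quoted = parsed
    # Manual RTs are often cut short to fit the length limit: accept a
    # truncated quote only when it is a long enough prefix of a real post.
    truncated = quoted.endswith(("...", "\u2026"))
    claim = normalize(quoted).rstrip(".\u2026 ")
    for post in timelines.get(author, []):
        real = normalize(post).rstrip(".\u2026 ")
        if claim == real:
            return "verified"
        if truncated and len(claim) >= min_prefix and real.startswith(claim):
            return "verified"
    return "unverified"

# Constructed sample data: the account name and messages are invented.
TIMELINES = {"example_user": ["Writing up the latest DM phishing run, details on the blog shortly."]}
SAMPLES = [
    "RT @example_user: Writing up the latest DM phishing run, details on the blog shortly.",
    "RT @example_user Writing up the latest DM phishing...",
    "RT @example_user: Everyone who follows me is an idiot",
    "Just a normal message mentioning @example_user",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_retweet(sample, TIMELINES), "<-", sample)
```

An "unverified" result only means the quote could not be matched to the claimed author's known posts, which is the cue to check with them directly.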

You've probably already seen what happened to Neda - it was inevitable that people with dubious intentions would seize upon this event as a cheap way to make some money.

Sure enough, we're seeing a fair few links starting to go out on Twitter that mention Neda, which (if clicked) will take the end-user to fake Codec installers. In other words, this...


...will lead to this:


The danger, of course, is that with this being such an emotive issue many people might simply assume the links are genuinely about something and retweet them without checking first. Thankfully, seem to be catching a lot of these links:


I had no idea they did that...

Given the furore over the new iPhone 3.0 OS hitting recently, it's no surprise that spammers are taking advantage of this on Twitter. Already, we've seen iPhone spam leading to high definition TV offers, and sure enough there's a fresh campaign now doing the rounds.

If you see something like this:


...then it's a fair bet clicking the link will take you to a "male enhancement" website complete with pictures of men's bits that you'd probably rather not see in work or whatever:


The URL in question is

Interestingly, aside from the usual deluge of spam profiles pimping the links, we've heard there are regular Twitter users complaining about being "hacked" and sending these same messages. In all probability, there's a phishing aspect to this particular campaign and that's why people are seeing these messages go out from their own accounts.

As a final note, the title of the spam appears to be taken from this article on MobileCrunch.

Be careful what you click...

A few days ago, I wrote about a cancer support blog:

...that kept popping up in Twitter links, always as a result of outrageously OTT spam messages. I did wonder at the time if the site owner had simply purchased an advertisement package that (unknown to them) involved mass Bot spam. Besides the possibility of potential Google Ad click fraud (and it's doubtful random visitors to a random cancer support blog would suddenly feel compelled to start clicking every Google ad in sight) I couldn't really work out the angle, although the URL clearly has a spammish twang to it.

Well, Rik Ferguson of Trend Micro went and double checked the site the other day and came back with some fresh information. I don't recall seeing this at the time so perhaps it's only just "gone live", so to speak. Or maybe I just missed it, who knows. Anyway...

Here's some more Twitter spam, with the now familiar OTT headlines:


"Obama has just been killed", "Mousavi hilton has cancer" and "Stephen Colbert hit a woman" are all going to drag in the clicks from curious onlookers. They all take you to - you guessed it - the cancer support blog.

Cue Rik Ferguson, who found that at least some of the shortened URLs are apparently going through Tweetbucks and deposit you at the cancer blog via:

What is Tweetbucks?

"When people click your TweetBucks shortened links, we convert them to affiliate-enabled links by referencing our database of 1000's of online merchant programs. Every time your recommendation results in a purchase, the online merchant pays a commission. So tell your followers about the products and services you like. The more you recommend, the more you can earn."

It seems someone is trying to earn some cash from dubious links on Twitter at Tweetbucks' expense. From this page on Adbrite, we can see the cancer blog gets a fair amount of traffic at present:

Pageviews per day: Over 2,800
Unique users per day: Over 2,800

So there is at least some potential for raking in a bit of cash with this one. We'll be notifying the various services who have adverts / PPC services on the site and see if we can reduce the amount of "dead world leader" spam currently clogging up Twitter. Thanks to Rik for the additional information!

Well, this is something you don't see every day.

There's a fair amount of spambot profiles clogging up Twitter at the moment, all of which look a little like this and claim a British National Party leader has been shot and killed:


There's quite a few of them about, check out the Twitter Trends page.


Bizarrely, all of them take you to what looks like a genuine cancer support blog.


I'd like to think the owner of such a site wouldn't be crazy enough to attempt to drive traffic using spambots in this very surreal fashion, so I can only hope they saw a "promote your site" package and it wasn't quite what they were expecting...

