Earlier today CrunchGear reported on a new form of Twitter spam that was taking the service by storm.
A spam bot was putting out thousands of tweets advertising a service that supposedly lets people watch movies free online, including Harry Potter, Ice Age 3 and the new Transformers movie. The problem is that, not only would such a service almost certainly be illegal, it doesn’t actually exist: the URLs simply forwarded to what author John Biggs described as “essentially a phishing scam that eventually dumps out into an opt-in survey scam.”
While that type of spam is not uncommon, what makes this case unusual is that the tweets were sent in the format of fake retweets from Twitter celebrities. Such popular Twitter users as Penn Jillette, Stephen Fry and Perez Hilton have all had their names used.
It is unclear how many people are being taken in by the scam or how much risk it poses to them, but it raises a lot of questions about Twitter and how safe it really is.
How the Scam Works
At this time, the tweets seem to be fairly formulaic. If you are unsure whether a tweet you’ve seen is part of this scam, see if it fits the template below:
RT @CELEBRITY-NAME (U can watch/I just watched/we just watched/etc)”MOVIE-NAME” Movie free online here YURL-LINK MOVIE-NAME
Pretty much anyone who sees these tweets should recognize that they are garbage, and should be wary of the legality of any offer to watch recently released movies for free online.
Clicking the link, which I do not advise, takes you to a page that shows you a still of the movie and makes it appear you can play the film only to present you with a “survey” that you must complete before watching the film. However, according to others, filling out the survey does nothing as the process is never-ending and seems likely just an attempt to glean personal information.
In short, if the reports are correct, there’s no free movie at the end of the rainbow.
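Because the tweets follow a fixed template, they can be flagged mechanically. The following is an added example, not code from the original article or from Twitter: a small Python checker that matches the fake-retweet template quoted above and, as a corroborating signal, the numeric-suffix usernames the campaign used. The hook phrases are the ones the article lists (its “etc” means real samples may use others), and the sample tweets, usernames and URLs are constructed for illustration, not real accounts or links.

```python
import re
from typing import Optional

# Constructed sample tweets modelled on the template quoted in the article.
# Usernames, handles and URLs are invented for illustration only.
SAMPLE_TWEETS = [
    ("moviefan48213", 'RT @pennjillette I just watched "Harry Potter" Movie free online here http://yurl.example/abc12 Harry Potter'),
    ("filmz99831", 'RT @stephenfry U can watch \u201cIce Age 3\u201d Movie free online here http://yurl.example/q9x Ice Age 3'),
    ("alice", 'RT @stephenfry Loved the new Transformers movie, what a blast'),
    ("bob", 'Anyone know where "Ice Age 3" is showing tonight? http://cinema.example/times'),
]

QUOTE = '"\u201c\u201d'  # straight and curly double quotes, both seen in copied tweets

# Fake-retweet template from the article:
#   RT @CELEB <hook>"MOVIE" Movie free online here <url> MOVIE
# The hook alternatives are the ones the article quotes; extend the list
# as new variants appear (assumption: the bot keeps the rest of the shape).
TEMPLATE = re.compile(
    r'^RT\s+@(?P<celeb>\w{1,15})\s+'
    r'(?P<hook>U can watch|I just watched|we just watched)\s*'
    rf'[{QUOTE}](?P<movie>[^{QUOTE}]+)[{QUOTE}]\s+'
    r'Movie free online here\s+'
    r'(?P<url>https?://\S+)\s+'
    r'(?P<tail>.+?)\s*$',
    re.IGNORECASE,
)

# Sender accounts in this campaign were spammy usernames with many digits at the end.
NUMERIC_SUFFIX = re.compile(r'\d{4,}$')


def match_template(text: str) -> Optional[dict]:
    """Return the parsed fields if the tweet fits the fake-retweet template, else None."""
    m = TEMPLATE.match(text.strip())
    if not m:
        return None
    fields = m.groupdict()
    # The template repeats the movie title after the link; require the two to agree
    # so that an ordinary tweet that merely mentions a movie is not flagged.
    if fields["tail"].strip().lower() != fields["movie"].strip().lower():
        return None
    return fields


def classify(username: str, text: str) -> dict:
    """Score one tweet. The template match is the strong signal; the sender name only corroborates."""
    fields = match_template(text)
    reasons = []
    if fields:
        reasons.append(f"fake retweet template impersonating @{fields['celeb']}")
    if NUMERIC_SUFFIX.search(username):
        reasons.append("sender name ends in a long run of digits")
    return {
        "username": username,
        "flagged": fields is not None,
        "reasons": reasons,
        "impersonated": fields["celeb"] if fields else None,
        "url": fields["url"] if fields else None,
    }


def run(tweets=SAMPLE_TWEETS):
    """Classify every (username, text) pair and return the results in order."""
    return [classify(u, t) for u, t in tweets]


if __name__ == "__main__":
    for r in run():
        print("FLAG" if r["flagged"] else "ok  ", r["username"], "; ".join(r["reasons"]))
```

Only the template match sets `flagged`; the digit-suffix check is reported as a reason but never flags on its own, since plenty of legitimate accounts end in numbers. The impersonated handle and the link are returned separately so that the same results can feed a list of targeted celebrities or of shortened URLs to resolve.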
Concerns About Twitter
The tweets, which appear to come from spammy usernames with many numbers at the end, would almost certainly be ignored if they did not use the names of celebrities to gain trust where otherwise none would exist. Combine this with the fact that many people were watching for these movie titles on Twitter, and it seems at least probable that these tweets fooled a decent number of people.
However, as the CrunchGear article pointed out, it raises concerns about the trustworthiness of Twitter. This spam attack, for example, puts users at risk of identity theft and other harm while exposing the impersonated celebrities to potential damage to their reputations.
Just as email spammers can spoof anyone else’s email address to send out their junk, any Twitter user can put words into any other Twitter user’s mouth with a fake retweet: an “RT @name” is simply text the sender typed, not anything Twitter verifies. Furthermore, they can direct other users to almost any site they want, thanks to URL shortening services that make it easy to hide the real destination.
These factors make Twitter a sizable potential risk to both one’s professional reputation and one’s computer security. Though anyone can always say something about you, on Twitter it is easy for others to say something as you and have others believe it. This is unlike spoofed email spam, which is largely filtered out before it is seen and is almost never believed.
Though this isn’t enough to discourage me from using Twitter, the usefulness of the product has to be weighed against the potential harm, and it will almost certainly give companies and celebrities some pause.
The good news is that Twitter seems to finally be cleaning this mess up. As I was writing this story, the search I had open for the topic “free movie” seemed to stop working and, with a refresh, most of the spam tweets disappeared.
Still, it is only a matter of time before there is another spam attack like this one, and there are only so many times Twitter can clean up after the fact before people become frustrated, annoyed and worried enough to leave.
Security seems to be a major issue for Twitter these days and this is just one facet of the problem. However, it is definitely one of the more public ones.