Earlier today CrunchGear reported on a new form of Twitter spam that was taking the service by storm.
What was happening was that a spam bot appears to be putting out thousands of tweets for a service that allows people to watch movies free, including Harry Potter, Ice Age 3 and the new Transformers movie. The problem being that, not only would such a service almost certainly be illegal, it doesn’t actually exist and the URLs just forwarded to what author John Biggs described as “essentially a phishing scam that eventually dumps out out into an opt-in survey scam.”
While that type of spam is not uncommon, what makes this case at least somewhat unique is that the tweets were sent in the format of fake retweets from Twitter celebrities. Such popular Twitter users as Penn Jillette, Stephen Fry and Perez Hilton have all had their names used.
It is unclear how many people are being taken in by the scam or how much risk there is to them, but it raises a lot of questions about Twitter and how safe it really is.
How the Scam Works
At this time, the tweets seemed to be fairly formulaic. If you are unsure if a tweet you’ve seen is part of this scam, see if it fits the template below:
RT @CELEBRITY-NAME (U can watch/I just watched/we just watched/etc)”MOVIE-NAME” Movie free online here YURL-LINK MOVIE-NAME
Pretty much anyone who sees these tweets should recognize that they are garbage and should be wary of the legality of watching recently released movies for free online.
Clicking the link, which I do not advise, takes you to a page that shows you a still of the movie and makes it appear you can play the film only to present you with a “survey” that you must complete before watching the film. However, according to others, filling out the survey does nothing as the process is never-ending and seems likely just an attempt to glean personal information.
In short, if the reports are correct, there’s no free movie at the end of the rainbow.
Concerns About Twitter
If the tweets, which appear to be coming from spammy usernames with many numbers at the end, would almost certainly be ignored if it were not for the fact that they were using the names of celebrities in order gain trust where, otherwise, none would exist. Combine this with the fact that many ware watching these movie titles on Twitter, it seems at least probably these tweets fooled a decent number of people.
However, as the CrunchGear article pointed out, it raises concerns about the reliability of Twitter. This spam attack, for example, puts users at the risk of identity theft and other issues while subjecting the impersonated celebrities to potential harm to their reputation.
Just like email spammers can spoof anyone else’s email address to send out their junk, any Twitter user can put words into any other Twitter user’s mouth with a fake retweet. Furthermore, they can direct other users to almost any site they want thanks to URL shortening services that make it easy to hide the real destination.
These factors make Twitter a big potential risk to both ones professional and computer security. Though anyone can always say something about you, on Twitter it is easy for others to say something as you and have other believe it. This is unlike email spam, which is very rarely seen and is almost never believed.
Though this isn’t enough to discourage me from using Twitter, the usefulness of the product has to be weighed against the potential harm, it will almost certainly give companies and celebrities some pause.
Bottom Line
The good news is that Twitter seems to finally be cleaning this mess up. As I was writing this story, the search I had open for the topic “free movie” seemed to stop working and, with a refresh, most of the spam tweets disappeared.
Still, it is only a matter of time before there is another spam attack like this one and there’s only so many times Twitter can clean up after the fact before people begin to get frustrated, annoyed and worried enough to leave.
Security seems to be a major issue for Twitter these days and this is just one facet of the problem. However, it is definitely one of the more public ones.
Interesting. Thanks for the heads up on this!
Too many spams these days. Sometimes, it just discourages me to open my Twitter account.
That sucks. Bad timing, as TheAuteurs was just doing a survey and rewarding people with a $5 credit to watch a movie on their site. Completely legit – hope people don't get confused as to which is real.
http://twitter.com/theauteurs/status/2674214922
How on earth can this raise an issue about how safe Twitter is if you don't have any evidence to back up your claims?
Jeez, he's only trying to help. This blog's essential message is "Down with spam" not "Down with Twitter". And besides, if the spam exists (which it does) and there are millions of people regularly using Twitter and following celebs (which there are) then it's only common sense to believe that someone will be thick enough to go ahead and click it. Unless you count people's stupidity as evidence, it's not needed.
I've just realised your comment is actually a reply to "Serafina". I initially thought it was a comment on it's own and didn't realise the error until I'd posted, apologies.
If people fall for something so stupid they shouldn't be allowed on twitter in the first place.
Oooo an intelligence for would be Tweeters. Very sensible and practical approach.
Seriously though, this gives absolutely ZERO concern over the security of Twitter specifically does it? I reached the same spam/scam whilst looking for a news feed when trying to find out what had happened at The Open golf championship today. Does that bring into doubt the security of Google, which gave me the link? As always on the intertron – if it looks too good to be true….it is! And you should leave it well alone.
I get people adding me all day everyday. It's annoying on twitter how u cant just deny straight up. I just get an e-mail through on my phone saying so n so is following you and I have to go on my pc and actively block them to prevent them checking out my shit. They're always in the same format. <a>.
I think however, if you're stupid enough to click on an absolute strangers link to something that sounds either too good to be true, or something irrelevant to anything u've been talking about, you deserve it.
To make sure you don't get caught out by these scams, click on the link below. It really works! Http://hackersanonymous.com/wegonnahackyou.sucker…
It's a safe site, just follow the link.
You can deny straight away. Just check Protect my updates in settings so you have to approve them before they see your updates.
I resisted using twitter for a long time, but in the short time I have used it it has become clear that unless they find a way to change things, its days of usefulness (such as it is) are numbered.
It's WAY to wide-open for abuse, follower spam, etc., and I am not creative enough to see how that can thwart that wave when it finally comes without fundamental changes to the whole way it works.
I'm not sure why this is a significant problem. Surely you're only going to receive these tweets if you've opted to Follow the spammer at some point? If you use a bit of common sense when choosing who to follow it shouldn't be a problem.
I know there are people who will follow anyone who follows them, but these are the same people who click on spam, phishing emails, etc.
Thanks!!! for warning. Haven't heard about copycats in Holland, but better be warned! (Isn't Stephen Fry a darling to pass it on?)
This is the first time I wanted to Digg something. And this is the first time I cant find the Digg button. That Murphy’s Law is such a nuisance sometimes
My recent post Cheryl Cole and Ashley Cole Granted Divorce
This is the first time I wanted to Digg something. And this is the first time I cant find the Digg button. That Murphy’s Law is such a nuisance sometimes
My recent post Cheryl Cole and Ashley Cole Granted Divorce
It's WAY to wide-open for abuse, follower spam, etc., and I am not creative enough to see how that can thwart that wave when it finally comes without fundamental changes to the whole way it works.
How on earth can this raise an issue about how safe Twitter is if you don't have any evidence to back up your claims?
My recent post Joe McElderry Wins The X Factor 2009
These factors make Twitter a big potential risk to both ones professional and computer security. Though anyone can always say something about you, on Twitter it is easy for others to say something as you and have other believe it. This is unlike email spam, which is very rarely seen and is almost never believed
My recent post Miley Cyrus’s Face! Face lift or Botox