A series of enhanced follower scams have tricked thousands of Twitter users after a group abused the platform’s authentication system, its Trends section and TweetDeck. Bitdefender reported the scams and notified the micro-blogging company of the dangerous websites, which are massively promoted through Twitter Trends in many countries including the UK.
The “entrepreneurs” conducting the scam are profiting from users’ eagerness to gain more followers on the platform. In the past month, they have registered dozens of similar websites with top-level domains such as .com and .net. The cyber-group offers free or paid Twitter followers in exchange for users’ authentication tokens.
Those who click on the “free” option get 20 followers in the blink of an eye – both legitimate users and bots. However, they are also subscribed to the system without their knowledge, so they can follow 100 other users as well.
“While Facebook scams promising new likes are just silly baits, these Twitter scams really deliver what they claim – tens of new followers that are willing to ‘adore’ what you tweet,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “It’s somehow ironic that there is a price to pay even in the ‘free’ version, as they get away with your authentication token. The merchandise is actually YOU.”
To hijack the accounts, scammers abuse the legitimate TweetDeck application that allows users to sort content on the micro-blogging platform. To get new followers, users have to authorise the app, which may post on their behalf, see who they follow and follow new people. In the process, scammers make away with the tokens and receive TweetDeck’s permissions without users’ knowledge.
The follower websites are also loaded with commercials for dubious games, torrents and software downloads, and some trick users with malvertising.
In April 2013, a research team discovered that the Twitter OAuth feature in the application programming interface (API) can be abused to hijack accounts. Access tokens allow scammers to perform several actions through the Twitter API without a password. Attackers may post new tweets on behalf of the hijacked accounts, read and send private messages, and change users’ location without their knowledge.
Bitdefender advises British users who were tricked with this new follower scam to uninstall TweetDeck and re-authorise it. They should also run a security scan to check for malware on all the devices they used to log into Twitter.