Twitter users who are dead set on seeing nude photos of WWE star Paige will, if they are not careful, end up on marketers’ spam lists, with their own Twitter accounts pushing out messages that lead other users to the same scam they fell for.
How the scam unfolds
The road to compromise starts with tweets offering the aforementioned photos and videos, and a bit.ly (shortened) link. Some of the tweets note in advance that the user will have to “Acept (sic) the App First”.
Users who follow the link – and so far nearly 7,000 users have – will land on a page that requires them to enter their Twitter username and password to authorise an app named “Viral News” to use their Twitter account.
The page states plainly that the app will be able to post tweets on behalf of the user, but apparently that doesn’t worry many of them, although it should. Once the app is installed, the user is redirected to another web page, and the app immediately begins tweeting from the victim’s account.
In the meantime, the user is redirected through several sites and ultimately lands on an Amazon-themed gift card survey page. There, the user is instructed to enter a name and email address to finally be able to see the photos.
Malwarebytes’ Chris Boyd does not say whether, in the end, the user gets to see the photos or not. What is certain is that they have become a small cog in the machine that perpetuates this type of scam.
“As freshly leaked pictures and video of celebrities continue to be dropped online, so too will scammers try to make capital out of image-hungry clickers,” Boyd notes.
“Apart from the fact that these images have been taken without permission so you really shouldn’t be hunting for them, anyone going digging on less than reputable sites is pretty much declaring open season on their computers. Do yourself a favour and leave this leak alone. It probably won’t be long before the Malware authors and exploit slingers roll into town.”