Twitter is no stranger to spam. The majority of users that are active on Twitter are also very much used to it by now. Heck, it was pretty clear back in the MySpace days that social media was the perfect place to spam advertisements. But every now and then there’s a spam campaign that ends up getting noticed.
This is exactly what happened after hundreds of users had their accounts compromised recently. These compromised accounts were then used to send out malicious messages. These messages read almost as testimonials for weight loss products, where users claimed that without this (linked) product, their life never would have changed like it did.
Of course, these comments included a link to a website that included promotion for the diet pill that was supposed to provide miraculous results.
But here’s where it gets phishy…
The linked website appeared to be an online magazine website for Women’s Health. This is just what was at the surface though, because it was not an official website for the magazine. So this leaves the intent of the website up for debate. Given the way the visitors were attracted in the first place, it would be no surprise if it was all an elaborate scheme to steal credit card information and/or login credentials. It would also be no surprise if the purpose of the website was to force install malware onto the visitor’s computer.
How Were the Accounts Compromised?
This is something else that is also up for debate. There is no confirmed answer on how the accounts were first compromised or if they were in fact compromised through the typical login process.
What it looks like is that the users were breached through third party apps or websites. Some of the first few messages containing a link to the fake website were noted for having a “via weheartit.com” tag. We Heart It is an image-based social network. So at least the first few cases where users accounts were used to distribute the malicious messages had begun through there.
We Heart It stated that they had discovered malicious activity on their network and that an investigation was underway. They also tweeted to note that login and sharing with Twitter was temporarily disabled as a result of the malicious attack.
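The "via weheartit.com" tag was the first indicator that the spam was coming through a third-party app rather than through users typing in the Twitter client. The following is an added example, not code from the original post or from Twitter or We Heart It: a small scoring heuristic that runs over constructed sample tweet records and flags the combination the post describes (a third-party client tag, a link, and weight-loss testimonial wording). The sample tweets, the list of first-party client names, the keyword pattern and the threshold of three are all assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample tweets (not taken from the original post). "source" is the
# "via <client>" tag Twitter shows under a tweet.
SAMPLE_TWEETS = [
    {"user": "alice", "source": "Twitter Web Client",
     "text": "Heading to the gym, then lunch with the team."},
    {"user": "bob", "source": "weheartit.com",
     "text": "I never thought I'd lose 30 lbs in a month until I tried this diet pill! http://example.invalid/wh"},
    {"user": "carol", "source": "weheartit.com",
     "text": "Love this photo http://example.invalid/pic"},
    {"user": "dave", "source": "Twitter for iPhone",
     "text": "This weight loss product changed my life, seriously http://example.invalid/diet"},
]

# Assumed set of first-party clients; anything else counts as a third-party app.
FIRST_PARTY_SOURCES = {"Twitter Web Client", "Twitter for iPhone", "Twitter for Android"}

# Assumed wording typical of the fake testimonials the post describes.
DIET_PATTERN = re.compile(r"\b(diet|weight ?loss|lose \d+ ?lbs?|pill)\b", re.IGNORECASE)
LINK_PATTERN = re.compile(r"https?://\S+")


@dataclass
class Verdict:
    user: str
    score: int
    reasons: list = field(default_factory=list)


def score_tweet(tweet):
    """Return a Verdict with one point per indicator present in the tweet."""
    reasons = []
    if tweet["source"] not in FIRST_PARTY_SOURCES:
        reasons.append("posted via third-party app: " + tweet["source"])
    if LINK_PATTERN.search(tweet["text"]):
        reasons.append("contains link")
    if DIET_PATTERN.search(tweet["text"]):
        reasons.append("weight-loss testimonial wording")
    return Verdict(tweet["user"], len(reasons), reasons)


def flag_suspicious(tweets, threshold=3):
    """Return the verdicts whose score reaches the threshold (all three indicators by default)."""
    return [v for v in map(score_tweet, tweets) if v.score >= threshold]


def count_by_source(tweets, threshold=2):
    """Count flagged tweets per client tag; a burst from one third-party app stands out."""
    counts = {}
    for tweet in tweets:
        if score_tweet(tweet).score >= threshold:
            counts[tweet["source"]] = counts.get(tweet["source"], 0) + 1
    return counts


if __name__ == "__main__":
    for verdict in flag_suspicious(SAMPLE_TWEETS):
        print(verdict.user, verdict.score, verdict.reasons)
    print(count_by_source(SAMPLE_TWEETS))
```

With the default threshold only the tweet that carries all three indicators is flagged; lowering it to two also surfaces the other tweets that share the third-party client tag or the testimonial wording, and `count_by_source` then shows that the flagged posts cluster on one client, which is the pattern that pointed investigators at We Heart It.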
Were There Any Victims?
Malicious messages like these are usually read by people as spam. The Internet has grown a lot smarter and so have the people on it. Of course, there will always be a few people who are less clever than others when it comes to fraudulent techniques on the Web. However, it is safe to assume that the vast majority of those who noticed these malicious messages either recognized them as spam or simply ignored them to begin with. The messages would also have been ignored by people who know their Twitter friend would never post anything like that, or who saw that friend comment that the posts were not their own.
Similar Twitter Attacks in the Past
This is definitely not the first time that a spamming campaign has taken place on a social media website, let alone on Twitter. With somewhere around 60 million tweets being sent out a day, there is obviously going to be quite a bit of spam. In fact, this attack seems like a flash in the pan when compared with some spam campaigns that took place on Twitter in the past.
Last year, HootSuite accounts were compromised. It was believed that roughly 7,000 users were affected by this attack. This was done by exploiting a third party app that had OAuth access to the accounts. Much like the more recent attack, the compromised accounts were used to spam malicious messages about diet products. Of course, these led users to a fake website where their login credentials and credit card information were put at risk.
That particular campaign even took some high profile names with it. For example, Jane Seymour Fonda was compromised and her followers were subjected to the attack, meaning she was one of the people that posted (via HootSuite) to Twitter about these supposedly awesome weight loss products. With a large following and a celebrity image, it would not come as a surprise if a few of her followers were affected by the attack.
How to Stay Safe
Twitter users will always be subject to spam given the ease of virality that the network offers. It is the user’s responsibility to be diligent when reading tweets and clicking links. Twitter does what it can to make sure that no one is made vulnerable. When a URL is flagged in its system, a notice will appear to let you know that the linked page may be risky.
Something that is more important to take away from all of this is that everyone should start considering their use of third party apps a little more closely. An app that has been granted access to your account is an easy means of access for many attackers, and apps can be published by anyone, so you never know how well the app itself is built or how well it is protected from outside attackers. Review the apps connected to your account and revoke access for any you no longer use or do not recognize.