Future Tense

Beware: A Twitter Scam That Appeals to Users’ Vanity Is Hijacking Accounts

A scam is wreaking havoc on Twitter, commandeering accounts and sending out spam links to ensnare even more victims. And it’s doing it in a particularly pernicious way: appealing to tweeters’ vanity.

The bait is enticing: an app that promises to give you the ability to see who has been visiting your Twitter profile. Once you click the link, it takes you to a page that uses what appears to be Twitter’s signature typeface and logo, which would seemingly lend the “Connect with Twitter” button an air of legitimacy.

Click on the orange button, and it takes you to an authorization page asking for permission to “Post Tweets for you,” which should be a major red flag.

If you choose to authorize—and to be clear, you should not choose to authorize this or any other app you haven’t investigated closely—you will then be redirected to more scam pages that offer you the exciting opportunity to beta test the iPhone 8, which was actually released to the general public back in September.

You’ll also notice that the app begins posting advertisements for its services from your account within seconds. I set up a dummy Twitter account (@ohnotheygotme) and signed up for the app to see what would happen. After about an hour, my zombie account had sent out 41 tweets with fake testimonials like “Incredible this :)” and “IT IS WHAT I USE EVERYDAY,” along with the link. I also visited my fake account using my real account, but was unable to see any record of the visit, as I was promised.

Fortunately, if you’ve been hoodwinked, it’s pretty easy to disable the app. Just go to the “Applications” page for your profile and click the “Revoke access” button.

You’re also in good company if you got tricked into this. A Twitter search for the offending link reveals that hundreds of accounts have been posting it, spanning back to at least Sep. 22. And as Joseph Cox of the Daily Beast notes, the scam has also infected the accounts of several public figures like whistleblower rights attorney Jesselyn Radack. As of Tuesday afternoon, however, Twitter was directing users to a warning page if they tried to click on the link.

The scam is reminiscent of email spam hacks, in which unsuspecting victims make the mortifying discovery that their addresses are being used to hawk Viagra to their friends. When it comes to the internet, if you build a platform, the spammers will come.