Not long ago, BitDefender warned that social network scams were going mobile. A new link is now added to the scam spreading chain: Twitter. The recently discovered bogus statistics generator that’s pestering mobile chit-chatters uses as bait a message that sounds very familiar to social network users: how much time have you spent on…
On Facebook, the scam has been pretty productive and some of its variants are still alive and kicking.
Its Twitter twin seems to be equally eager to impress.
And the similarities keep pouring in. One interesting thing about the Twitter sibling is that it spreads based on a mechanism that's typical for Facebook applications. Twitter users are apparently required to install an application (Twitter apps run in the cloud, so they are platform independent), grant permissions, much in the Facebook fashion, and then see their Timelines infested by automatic messages that spread the word about the scam.
This approach is quite peculiar: in the more common model of Twitter-based e-trouble, the user gets infected with malware, which hijacks his/her account and then preaches its evil story. That model requires the scheme masterminds to create several versions of the respective piece of malware (or phishing scheme, which implies a much lower conversion rate), one for each targeted operating system. The Facebook application model, on the other hand, seems to be more efficient in that the app can be installed and run on each operating system.
The striking social engineering similarity between these two may have rung a whole bunch of bells in the minds of those who closely follow the development of scam techniques in the two environments, so actually proving that there is a connection between them may be met with a (more or less) enthusiastic “I knew it!”.
Elementary, my dear Watson! With this in mind, we retraced the steps of one of the villains (i.e. scam authors), courtesy of bit.ly and of its tracking system. First question: who did it? Plenty of people fell into the trap and tweeted the thing along, but who actually spread the bad link first? With that info at hand, to complete the potential villain’s profile, we went on to check the suspect’s posting track record. And there it was: hard evidence of his/her preference for scams of all shapes and sizes.
Therefore, similarly socially engineered scams are disseminated in both environments by at least one common source. This means that some Facebook scam authors have definitely decided to expand their horizons and they’re taking Twitter by storm.
"In this case, the attackers have gone down well known and trodden paths: they were full of pragmatism and used well-known and tested techniques. The similarities between the two scams indicate that their authors did not go to too much trouble when creating them, but that they clearly had efficiency in mind. By making these scams platform-independent, mobile platforms included, they’ve definitely struck gold", says George Petre, BitDefender Threat Intelligence Team Leader.