Rogue Twitter Unfollower Counting App Leads to Survey Scams


The stream of rogue Twitter apps that post spam from their victims' accounts and direct users to surveys continues with a new one called "Follow Finder."

According to security researchers from Sophos, the app claims to be able to count the number of unfollowers for users who install it.

It posts messages reading: "xx people have unfollowed me, find out how many have unfollowed you: [link] #duringsexplease #youneedanasswhoopin #rw2011" (where xx stands for two digits).

The hashtags are trending topics on Twitter, which allows the scammers to reach more potential victims.

The advertised link takes users to a page that asks them if they want to give the application access to their account.

"Don't, whatever you do, press the 'Allow' button," warns Graham Cluley, a senior technology consultant at antivirus vendor Sophos.

"If you do, then a third party is now capable of tweeting messages in your name to all of your Twitter followers - which spreads the scam virally across Twitter and may result in one of your online friends also having their account compromised," he explains.

The same method has long been used on Facebook by rogue apps claiming to be able to show a user's most active profile viewers or people who blocked them.

However, unlike Facebook rogue apps that promise features that are impossible on the platform, in this case there really are some apps that can keep track of unfollowers.

Abusing a feature users might be familiar with makes this scam more credible. However, this particular app doesn't have any legitimate functionality.

Users who install it are redirected to a page entitled "Find Out Who Has Unfollowed You!" overlaid with a dialog asking them to complete an "offer" for verification purposes. These offers, also known as surveys, are part of affiliate marketing schemes and earn scammers commission money.

If you have fallen victim to this attack, go to your account's Settings, then Connections, and revoke the app's access. Also remove the spam tweets from your feed.
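
As an added example (not from the article or from Sophos), this Python check finds tweets that match the message template quoted above, so they can be removed after the app's access is revoked. The timeline structure, tweet IDs and the example.test link are constructed for illustration.

```python
import re

# Template from the article: "<two digits> people have unfollowed me, find out
# how many have unfollowed you: <link> <hashtags>". The hashtags follow
# trending topics and will change, so they are not part of the match.
SPAM_RE = re.compile(
    r"^\s*(?P<count>\d{2})\s+people\s+have\s+unfollowed\s+me,\s*"
    r"find\s+out\s+how\s+many\s+have\s+unfollowed\s+you:\s*"
    r"(?P<link>https?://\S+)",
    re.IGNORECASE,
)


def find_spam_tweets(timeline):
    """Return (tweet_id, link) for each tweet that matches the scam template."""
    hits = []
    for tweet in timeline:
        # Collapse line breaks and repeated spaces before matching.
        text = " ".join(tweet["text"].split())
        match = SPAM_RE.match(text)
        if match:
            hits.append((tweet["id"], match.group("link")))
    return hits


# Constructed sample timeline (hypothetical structure: id + text per tweet).
SAMPLE_TIMELINE = [
    {"id": 101, "text": "37 people have unfollowed me, find out how many "
                        "have unfollowed you: http://example.test/ff #rw2011"},
    {"id": 102, "text": "Lost a few followers this week, oh well."},
    {"id": 103, "text": "12 People have unfollowed me,  find out how many\n"
                        "have unfollowed you: http://example.test/ff #sometag"},
    # A warning that quotes the spam mid-sentence must not be flagged.
    {"id": 104, "text": "Has anyone seen the '37 people have unfollowed me' "
                        "spam? Don't click."},
]

if __name__ == "__main__":
    for tweet_id, link in find_spam_tweets(SAMPLE_TIMELINE):
        print(f"delete tweet {tweet_id} (links to {link})")
```
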

