Twitter 11.6 hours survey scam spreading virally, Sophos warns
March 2011 by Sophos
Sophos is warning Twitter users to be vigilant following the outbreak of a scam that is spreading links from users’ accounts without their knowledge. The scam, which has already caught thousands of Twitter users off guard today, dupes users into clicking on links, believing that it will reveal how many hours they have spent on Twitter.
The offending links are being circulated on Twitter in messages containing the following text:
"I have spent 11.6 hours on Twitter. How much have you? Find out here: [LINK]"
However, if users click on the bit.ly link being used in the message, they are taken to a page which attempts to connect a rogue application called ’Time on Tweeter’ with the user’s Twitter account. The application instantly tweets a message from the victim’s Twitter feed, claiming that they too have spent 11.6 hours on Twitter, while also directing the victim to a page which presents a revenue-generating survey on behalf of the scammers.
"Affected users need to revoke the rogue application’s access to their Twitter account immediately, or it will be able to spew out more links from your Twitter page - which could promote spam sites or link to malicious webpages," advised Graham Cluley, senior technology consultant at Sophos. "Scams like this are very commonly encountered on Facebook, but are more rarely seen on Twitter - meaning that many users will be sitting ducks to this type of attack. Although Sophos is in contact with bit.ly about closing down the offending link, it’s possible that the scammers will use other links and other names for their rogue applications. So be on your guard, and always think twice before allowing a third-party app to have access to your Twitter account."