My Bitdefender
  • 0 Shopping Cart

Bitdefender Blog

Phishy Honeypots: The Twitter Scams Picture

by , on 09 November 2011

When we started Safego for Twitter in August, we were curious about the structure of Twitter threats. We had multiple honeypots to analyze it and, since Twitter is so open, we had access to the scams that were publicly spread. But we still didn't have a clear picture of direct messages attacks.

After more than two months of beta testing, it looks like more than half of the spam messages detected by Safego lead to malware or phishing.

We also have classical scams, but the incidence of malware and phishing is really scary. While the database doesn’t yet allow for generalized conclusions to apply to all of Twitter, other security researchers also reported a high incidence of phishing and malware in direct messages. Direct message scams are not the most frequent threat on Twitter,  but they do seem to be a very dangerous one.

Twitter’s delivery of fresh news in just 140 characters makes it compatible not only with smartphones, but also with the classical SMS service available on any mobile device. This kind of compatibility makes everything smaller: screen names, URLs, and, sometimes ominously, the amount of information we know about a user.

Scammers are morphing their attacks to take advantage of the strengths and weaknesses of each social network. On Facebook, an abundance of graphical and interaction elements encourage complexity of threats that can be used to improve social engineering techniques. On Twitter, we identified

7 types of scams, some of them very effective:


1. Malicious Twitter Apps

This is the most effective and most similar to a Facebook attack. Scammers are creating fake apps and are convincing users to authorize them using different social engineering techniques. After that, attackers can post in behalf of the user, send direct messages, follow or unfollow people.

With this kind of technique, attacks can be silent and very targeted.


2. Mention spam

Scammers are scanning for buzzwords on Twitter. When someone tweets about a gadget, he can receive a @mention sending him a scam. This technique is also used for stock exchange tweets, drugs, sex-related discussions and anything else scammers use on the "classic spam channels".


3. Trending topic scam

Scammers are tweeting scams in Twitter trending topics. Usually, they take advantage of the fact that most URLs on Twitter are shortened. They copy legit tweets and change the URL to a scam.


4. Hot spambots

Using pictures with hot girls is an old trick for scammers. We have it on Twitter too. "Hotbots" aggressively follow legit users, trying to get a follow in return. After they have enough followers, they start spamming.


5. Follow the Follower

It’s nice to be important. And to be important on Twitter means to have many followers. As financial markets attract Ponzi schemes, Twitter abounds with schemes of how to get followers by following. Most of the times, this ends with legit users following spambots and spambots following legit users.


6. Phishing

Accounts can be hijacked by authorizing a malicious Twitter app or by introducing a credential in a phishing site. Whatever the means, the effect is the same: your account will start sending things you definitely didn't mean to send.


7. Targeted spambots

You are what you tweet. But if you tweet about losing weight, work from home or how to get rich, bots will start following you and @mention you.

All these scam descriptions are available in a nifty infographic, on the Malware City blog

On Nov.10.2011 11:05

yannick said

i wonder why twitter don't set up filter to autoban those bots!

Daily "Did you know?"

On July 31, 2008, the Koobface computer worm started to target users of Facebook and MySpace; and new variants still constantly appear.


  • Bitdefender Security Specialists
    Bitdefender Labs
  • Catalin Cosoi
    Chief Security Researcher
  • Dan Lowe
    Dan Lowe, an OEM Senior Marketing Manager, has been working with Bitdefender for the last 3 ½ years. His familiarity with multiple security products from Firewalls to Antivirus has provided him a unique perspective on the security industry.
  • Ligia Adam
    Security Evangelist and Social Media Professional
  • Loredana Botezatu
    Loredana Botezatu – E-threat Analyst – Loredana has been writing about the IT world and e-security for well over five years. She has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.