Mar 2, 2011 13:08 GMT

Security researchers from Sophos warn of a survey scam that tricks Twitter users into giving a rogue app access to post spam from their accounts.

The rogue messages generated by this latest scam read: "I have spent 11.6 hours on Twitter. How much have you? Find out here: [LINK]"

The link takes users to a page asking them if they want to allow an application called "Time on Tweeter" (notice the misspelling) to connect to their accounts.

If installed, the application proceeds to post the same spam message on behalf of the victim, then redirects them to a page that instructs them to complete a survey in order to see the time spent on the site.

These surveys are part of affiliate marketing schemes. Some of them are provided by legit companies whose services are abused, while others are malicious and try to sign up people to premium rate services.

Either way, scammers earn a commission for each completed survey, making their trouble worthwhile.

Survey scams, especially those using rogue apps for propagation, are most common on Facebook. There are several of them circulating on the social networking site at any given time, and sometimes it feels like the company is having a hard time keeping up with them.

Since the concept can be ported to any platform that allows third-party services to interact with user accounts, it's actually surprising that Twitter is not targeted more.

The precursor of these attacks was tested on the microblogging platform back in August 2010, when a Scottish teenager unleashed a fake app that was supposed to calculate people's Twitter efficiency score.

After installation, it posted messages advertising itself and managed to trick people like Google's then Vice President of Search Product and User Experience, Marissa Mayer, or Cisco's Chief Technology Officer, Padmasree Warrior.