14 DAY TRIAL // A scam luring Twitter users with an app that could tell them how much time they spent on the website is collecting their email addresses for later spam.
The messages sent by victims of this new scam read: "#goodluckcheryl --> I have spent: xx.x hours on Twitter! See how much you have: http://x.co/[removed]"
Like seen in other Twitter scams, the hashtags used are copied from the trending topics in order to reach as many users as possible.
The spammed link leads to a page asking people to authorize an app called "TimeChecker2.6" to use their profiles.
Users who agree to this will have their accounts used as a conduit for spam as the app will immediately begin sending out unauthorized messages.
"When I went through the process on a test Twitter account I run, I found that it tweeted out the message more than a dozen times in less than 30 seconds," notes Graham Cluley, a senior technology consultant at antivirus vendor Sophos.
People are then taken to a page pretending to calculate the time they spent on the website and asking them for their email address in order to send the results.
Unfortunate users who provide their emails will most likely receive loads of spam in the future, either from the same attackers or from others who buy the emails database from them.
Users who fell victim to this scam should go to their profile's settings, click on the Applications tab and revoke access to any app they don't recognize or need.
The rogue app trick has been used by Facebook scammers for the past couple of years, but only recently it has taken off on Twitter.
Another characteristic borrowed from Facebook rogue apps is the promise of non-default features, such as the ability to count unfollowers, or like in this case, the time spent on the website.