An attack on Twitter users is going around via direct messages (DMs) again. This time the lure is a free iPad, a scam we have seen making the rounds on Facebook and in email as well. Paul Ducklin recently did a street survey in Singapore showing just how many people can be lured by offers that are too good to be true.
The DMs contain the message "Here you can get free IPAD http://tinyurl.com/CENSORED just register." They are hiding behind a TinyURL that, after more than 8 hours of abuse, is surprisingly still active. Fortunately, Twitter seems to have disabled access to the API key being used by the perpetrators.
Domain registrations can't always be trusted, but I do believe this one is plausible. This domain is registered to an individual in the Ukraine with some false details. Now, if you were tempted by these messages initially, how likely is it that someone in the Ukraine is doing iPad market research and wants to give you an iPad?
Those who come up with these scams are clearly the responsible parties, but those who are tempted by these thinly veiled ruses are equally responsible. No one is going to give you a $600 device for responding to a survey. No one who needs people to "test" a popular product is going to solicit people to do so through an open-ended social media campaign. Oprah is not going to offer you a free car via Twitter -- you actually need to go to Harpo Studios.
If you surrender your Facebook or Twitter credentials in the hope of getting something for nothing, you will in fact get something. You will get a bad reputation among your friends and colleagues and potentially have your credit, identity, or computer resources stolen. If you received one of these direct messages from a friend, please counsel them not to fall for this kind of thing. If you were one of the ones tempted, let's call this one a lesson learned, and please be more careful in the future.