11.6 hours survey scam spreads like wildfire on Twitter

A rogue application has caught Twitter users off guard today, with thousands of people duped into clicking on links in the belief that they will reveal how many hours they have spent on Twitter.

I have spent 11.6 hours on Twitter. How much have you? Find out here: [LINK]

However, if you click on the bit.ly link being used in the message you are taken to a page which attempts to connect a rogue application called "Time on Tweeter" with your Twitter account.

Twitter connect dialog

The application instantly tweets a message to your Twitter feed, claiming that you have also spent 11.6 hours on Twitter...

Twitter message

...thus spreading the link virally, and then directs you to a page which presents a revenue-generating survey on behalf of the scammers.

Survey scam linked to from Twitter

Affected users should revoke the application's access to their Twitter account immediately.

Twitter revoke app

Scams like this are very commonly encountered on Facebook, but are more rarely seen on Twitter.

Sophos is in contact with bit.ly about closing down the offending link, but it's always possible that the scammers will use other links and other names for their rogue applications. So be on your guard and always think twice before allowing a third-party app to have access to your Twitter account.

I'll be publishing more information about this fast-spreading scam shortly - but in the meantime, feel free to follow me at @gcluley on Twitter.

Update: As predicted, we are seeing other incarnations of this scam using different links and names for their rogue application as well as different "times". For instance, a number of people have been compromised by an app called "Time on Tweet" which claims they have been on Twitter for 10.6 hours rather than 11.6 hours.

I have spent 10.6 hours on Twitter. How much have you? Find out here: [LINK]

And here's another version which was spreading earlier today, using somewhat different wording:

I have spent 12 hours and 25 minutes Twitter in 2011. How much have you? Find out @ [LINK]

Update 2: It looks like the initial attack has stopped spreading - great news! Thanks to everybody who retweeted this story and spread the word.

However, there is some evidence that the scammers may be attempting to spread new versions of the attack (this time using the goo.gl URL shortener and an app calling itself "How many hours?") to Twitter users. Hopefully many users will now be on the lookout for such tricks.

Look and see how much time you have spent on twitter.

Please remember to exercise extreme caution over which applications you allow to connect with your Twitter account.
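
One way to flag the tweet template these variants share, as an added example rather than code from Sophos or the original post: it matches the lure wording across the quoted "times" and treats a bit.ly or goo.gl link as the high-confidence signal, so that warnings quoting the text are not counted as infections. The function names, confidence labels and sample tweets are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# URL shorteners the article names; extend the set as new variants appear.
SHORTENERS = {"bit.ly", "goo.gl"}

# Lure template shared by the variants quoted in the article:
# "I have spent <duration> [on] Twitter [in <year>]. How much have you? Find out ..."
LURE = re.compile(
    r"i have spent\s+(?P<duration>\d+(?:\.\d+)?\s+hours?(?:\s+and\s+\d+\s+minutes?)?)"
    r"\s+(?:on\s+)?twitter(?:\s+in\s+\d{4})?\.\s*how much have you\?\s*find\s*out",
    re.IGNORECASE,
)
URL = re.compile(r"https?://[^\s]+", re.IGNORECASE)


def classify(tweet):
    """Return None for non-matching text, else the variant and a confidence level."""
    match = LURE.search(tweet)
    if match is None:
        return None
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(tweet)}
    # Lure text plus a shortened link is the scam's shape; lure text alone
    # may be someone quoting or warning about it.
    confidence = "high" if hosts & SHORTENERS else "low"
    duration = " ".join(match.group("duration").lower().split())
    return {"duration": duration, "confidence": confidence}


def summarize(tweets):
    """Count high-confidence hits per claimed duration to track variants."""
    hits = (classify(t) for t in tweets)
    return Counter(h["duration"] for h in hits if h and h["confidence"] == "high")


# Constructed sample tweets; link paths and wording/shortener pairings are made up.
SAMPLE = [
    "I have spent 11.6 hours on Twitter. How much have you? Find out here: http://bit.ly/EXAMPLE1",
    "I have spent 10.6 hours on Twitter. How much have you? Find out here: http://bit.ly/EXAMPLE2",
    "I have spent 12 hours and 25 minutes Twitter in 2011. How much have you? Find out @ http://goo.gl/EXAMPLE3",
    "Warning: ignore tweets saying 'I have spent 11.6 hours on Twitter. How much have you? Find out here'",
    "I have spent 3 hours on Twitter arguing about football.",
]

if __name__ == "__main__":
    for tweet in SAMPLE:
        print(classify(tweet), "<-", tweet[:50])
    print(summarize(SAMPLE))
```

Grouping hits by the claimed duration makes each new incarnation show up as a new key, which is how the 10.6-hour and 12-hours-25-minutes variants would surface alongside the original.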

Hat tip: Thanks to Naked Security reader Guido for first alerting us to this outbreak.

3 Responses to 11.6 hours survey scam spreads like wildfire on Twitter

  1. Jeremy · 1279 days ago

    Also today there was one about twitter stalkers. That was very viral and was trending too. I reported it and the host took it down quite fast. :D

  2. Tyler · 1274 days ago

    Is there any surprise that this is CPALead at it again? Just moving platforms.

  3. ummm It's not like you have all bent yourself over to FB and Twitter... wtf, why not bend over some more.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.