Lord Gaga video banned? Twitter rogue app spread by scammers


Scammers are seeding an attack against Twitter users, using links that pose as a banned video of "Lord Gaga" in an attempt to compromise accounts.

Using a selection of newly created Twitter accounts, which have the names and avatars of young women, the tweeted-out messages all look similar:

#pssst Lord Gaga VIDEO BANNED -----> [LINK] #onethingiveneverdone #cnn

Lord Gaga banned video tweets

The mention of "Lord Gaga" refers to a running joke on Twitter today, about what would happen if Harry Potter villain Lord Voldemort and Lady Gaga hooked up. The hashtags, which can vary, appear to be taken from Twitter's trending topics in an attempt to reach a wider audience.

Interestingly, in the above screenshot all of the Twitter profiles used to seed the scam campaign have adopted the names of women beginning with the letter "B": Bianca, Berenice, Betania, and so forth.

It has been no surprise while writing this article to find that the scammers have now run out of "B" names and have moved on to female names beginning with the letter "C".

These aren't your usual Twitter profiles. As can be seen in the example below, they appear to have been newly created specifically for the purpose of spreading the link.

Twitter attack seeder

What makes the profiles even more suspicious is that the only messages they have tweeted out so far have all been to the same place - a fake YouTube site, which pretends to host the banned video.

Lord Gaga video
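The indicators described above (newly created accounts whose only tweets all point at the same site, with several such accounts pushing one link) can be turned into a simple triage check. This is an added example, not code from the original article; the account names, hosts, thresholds and the tuple layout are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+")

# Constructed sample data: (account, account_age_days, tweet_text)
SAMPLE_TWEETS = [
    ("bianca_b", 0, "#pssst Lord Gaga VIDEO BANNED -----> http://video.example/w #cnn"),
    ("bianca_b", 0, "#pssst Lord Gaga VIDEO BANNED -----> http://video.example/w #nowplaying"),
    ("berenice_b", 0, "#pssst Lord Gaga VIDEO BANNED -----> http://video.example/w #cnn"),
    ("berenice_b", 0, "Lord Gaga VIDEO BANNED -----> http://video.example/w #trend"),
    ("betania_b", 1, "#pssst Lord Gaga VIDEO BANNED -----> http://video.example/w #cnn"),
    ("betania_b", 1, "Lord Gaga VIDEO BANNED -----> http://video.example/w #music"),
    ("cora_shop", 1, "New stock today http://shop.example/a"),
    ("cora_shop", 1, "Sale ends soon http://shop.example/b"),
    ("carla_new", 1, "Just joined, hello everyone"),
    ("carla_new", 1, "Reading this: http://news.example/story"),
    ("dave_old", 900, "New post http://blog.example/1"),
    ("dave_old", 900, "Another post http://blog.example/2"),
]

def link_hosts(text):
    """Hostnames of every http(s) link found in a tweet."""
    return [urlparse(u).hostname for u in URL_RE.findall(text)]

def suspicious_accounts(tweets, max_age_days=2, min_tweets=2):
    """Map account -> host for new accounts whose every tweet links to one host."""
    by_account, ages = defaultdict(list), {}
    for account, age, text in tweets:
        by_account[account].append(link_hosts(text))
        ages[account] = age
    flagged = {}
    for account, per_tweet in by_account.items():
        hosts = {h for hs in per_tweet for h in hs}
        if (ages[account] <= max_age_days and len(per_tweet) >= min_tweets
                and all(per_tweet) and len(hosts) == 1):  # all(): no link-free tweet
            flagged[account] = hosts.pop()
    return flagged

def seeding_campaigns(tweets, min_accounts=3):
    """Hosts pushed by at least min_accounts flagged accounts, with those accounts."""
    groups = defaultdict(list)
    for account, host in suspicious_accounts(tweets).items():
        groups[host].append(account)
    return {h: sorted(a) for h, a in groups.items() if len(a) >= min_accounts}
```

A single flagged account (such as the constructed `cora_shop`) is only a weak signal; it is the cluster of several new accounts sharing one destination that matches the seeding pattern in the article.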

Twitter's security team would be wise to shut down the bogus profiles as soon as possible, before the attack spreads further. Rather than playing a music video, clicking on the player will attempt to trick users into giving a rogue application the rights to access their Twitter account.

Would you authorise this Twitter app?

An app called "money works new" hardly sounds like it would be connected to a music video, and you would be wise not to give it access to your account. But, as we've seen in the past, Twitter users can be tricked by such an attack into making poor decisions.

Indeed, even Lady Gaga herself appears to have recently fallen foul of such a scam on Twitter.

If you do make the mistake of authorizing the app, the scammers won't waste any time posting the same message from your account - hoping to entrap more victims.

Rogue app victim on Twitter

If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately: go to the Twitter website, visit Settings/Connections, and revoke the offending app's access.

Revoke app on Twitter

Don't make it easy for scammers to make money in this way, and always exercise caution about which third-party apps you allow to connect with your social networking accounts.

If you're on Twitter and want to learn more about threats, be sure to follow Naked Security's team of writers.


2 Responses to Lord Gaga video banned? Twitter rogue app spread by scammers

  1. Slade · 1267 days ago

    Anytime I receive a message that seems like a response to a key word like "phone" or "writer," I immediately look at their profile and check their tweets. If I see several tweets with the same link or a set of links, I report them for spam which also blocks them in the process. Some apps will have "Block and Report As Spam" as an option. On the main Twitter site, it's simply listed as "Report [account] as Spam." The mobile version of the site only gives you the option to block users. I haven't found an option for spam yet.

  2. GiacomO · 1267 days ago

    I am worried about how some people can believe something like this.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.