New Dr Who girl Jenna-Louise Coleman's name exploited by Twitter sex video scammers

Filed Under: Featured, Social networks, Spam, Twitter, Vulnerability

Jenna-Louise ColemanJenna-Louise Coleman has been unveiled as the new "Doctor Who" companion, joining the BBC TV time traveller in his TARDIS later this year.

"Doctor Who" is one of Britain's biggest television shows, and is popular elsewhere around the world, so it was no surprise to find 25-year-old actress Jenna Louise-Coleman's name was a trending topic on Twitter today.

Unfortunately, there are frequently mischief-makers, scammers and cybercriminals waiting to exploit a popular search term or hashtag.

For instance, see these messages mentioning Jenna-Louise Coleman and referring to sex videos:

Tweets mentioning Jenna-Louise Coleman

Human nature being what it is, you probably wouldn't be that surprised if some sci-fi fans clicked on the links out of err.. curiousity.

However, the webpage you are taken to doesn't have any content (pornographic or otherwise) related to the Time Lord's latest sidekick. Instead, you'll find what appears to be a portal for an Asian hardcore porn video website.

X-rated webpage

Clicking on the video thumbnails is definitely ill-advised. When I examined the page, I found that each of the videos were masking a secret Twitter follow button.

Unsuspecting site visitors are being tricked through a clickjacking exploit into unwittingly following a Twitter account.

Browser plugins such as NoScript can help protect against clickjacking, and warn you about the true intentions of webpages such as this.

NoScript alert

Of course, the scammers could just have easily transported you to a webpage containing malware, a survey scam or a rogue application. The point is that you should always be cautious about the links which you click on.

Of course, it's Jenna-Louise Coleman today and will be someone else tomorrow. Twitter spammers are simply grabbing the latest trending topics and shoving them in their tweets in the hope that users will stumble across them and fall into their trap.

If only we could dematerialise the bad guys to Metebelis III or throw them into a chronic hysteresis and never be troubled with them ever again..

, , , ,

You might like

11 Responses to New Dr Who girl Jenna-Louise Coleman's name exploited by Twitter sex video scammers

  1. jenna · 852 days ago

    Let us know when there's some actual J-L-C content pls?

  2. Greenaum · 852 days ago

    It would be interesting to interview the people who come up with this sort of thing. It was interesting when Savetrees / Spamford (remember him!?) "gave up" and was interviewed. Even going undercover in a spam / scammer's organisation would be educational. I'd like to know how the whole business works.

    It'd be an interesting human interest story, and would educate the public, both to be aware of scams in general, and also into the line of thinking these "people" follow. Would be nice to get the media involved.

    Anything Sophos could do along this line?

  3. Yvonne · 852 days ago

    Why do people do this sort of thing? "Because they can" doesn't explain it any more. They could be doing so much good stuff, but they are wasting their time doing this rubbish.

  4. Tyw7 · 852 days ago

    What do the spammers get by likejacking users into following them?

  5. Mike · 852 days ago

    So we have established a link between Doctor Who and click-jacking.

    I suspect the Daleks are behind this, following links like that is how Davros went blind.

  6. I wonder what the criminals get by forcing victims into liking them.

    Also, everybody on the Internet should know by now that all "free" porn will give them headaches. It will either install malware, lead to a phishing site, like jack your account, or lead to a survey scam.

    • anon · 801 days ago

      The headaches thing is a myth. It doesn't make you go blind either.

  7. Richard Freeman · 851 days ago

    Cybercriminals, Dr Who!

  8. Cedric Knight · 848 days ago

    One of the hazards of a Twitter-based attack is that you don't know what the ultimate payload is, so you have to assume at any random point you will be invited to download malware (or a cybermat). You mention NoScript, which is being constantly improved with a sensible balance between blocking exploits and blocking legit functions. However, this very blog post includes third-party scripts on wordpress.com -- should I trust those?

    Not a nice welcome to the talented J-L C taking over what is (of course) the joint most important leading role on telly. However, one consolation is that the name has probably been appended without any human intervention.

  9. anon · 801 days ago

    It's pixelated, so it must be asian porn...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.