Scammers are seeding an attack against Twitter users, posing as a banned video of “Lord Gaga” in an attempt to compromise accounts.
Using a selection of newly created Twitter accounts, which have the names and avatars of young women, the tweeted-out messages all look similar:
#pssst Lord Gaga VIDEO BANNED -----> [LINK] #onethingiveneverdone #cnn
The mention of “Lord Gaga” refers to a running-joke on Twitter today, about what would happen if Harry Potter villain Lord Voldermort and Lady Gaga hooked up. The hashtags, which can vary, appear to be taken from Twitter’s trending topics in an attempt to reach a wider audience.
Interestingly, in the above screenshot all of the Twitter profiles used to seed the scam campaign have adopted the names of women beginning with the letter “B”: Bianca, Berenice, Betania, and so forth..
It has been no surprise while writing this article to find that the scammers have now run out of “B” names and have moved onto female names beginning with the letter “C”..
These aren’t your usual Twitter profiles, and as can be seen in the example below, appear to be newly created specifically for the purposes of spreading the link.
What makes the profiles even more suspicious is that the only messages they have tweeted out so far have all been to the same place – a fake YouTube site, which pretends to host the banned video.
Twitter’s security team would be wise to shut down the bogus profiles as soon as possible, before the attack spreads further because rather than playing a music video, clicking on the player will attempt to trick users into giving a rogue application the rights to access their Twitter account.
An app called “money works new” hardly sounds like it would be connected to a music video, and you would be wise not to give it access to your account. But, as we’ve seen in the past, Twitter users can be tricked by such an attack into making poor decisions.
Indeed, even Lady Gaga herself appears to have recently fallen foul of such a scam on Twitter.
If you do make the mistake of authorizing the app, the scammers won’t waste any time posting the same message from your account – hoping to entrap more victims.
If you were unfortunate enough to grant a rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.
Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.
If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.