Twitter `stalker’ scam reaches Australian users

Be careful of third party applications, says AVG

A scam called Who Viewed Your Profile has reached Australian Twitter users as unsuspecting victims clicked on a convincing looking third-party application.

Once the application accessed the users' account, it started sending out a post on their Twitter account which read `I just viewed my top 10 stalkers’ and included a shortened website link.

Another message it posted was `I can’t believe my ex is one of my top 10 stalkers.' Followers or other users who clicked on the link were urged to connect with the same third-party application.

While links used by the scam on the social networking site were blocked by URL shortener Web site, some Australian users were affected on 7 March.

AVG ANZ security evangelist, Lloyd Borrett said in a blog post that the application message suggested that users will be told about the top people visiting or viewing their profile. He said the company was still determining the origins of the scam.

“The shortened URL link takes them to a Web page where they are asked to accept yet another rogue application," the post reads. "Of course, you never do find out who has actually viewed your Twitter profile.

"You’ve just helped the bad guys spread their scam, and maybe been deceived into giving them some of your hard earned money by completing surveys.”

He added that if the user has clicked on any similar links and authorised the application to access their account, they must access their account settings and revoke access.

“To be safe, you should also change your account passwords as well. It’s vitally important that you always exercise extreme caution about which third party applications you allow to connect with your Twitter, Facebook and other social media accounts,” he said.

Borrett said the scam follows in the wake of a similar Twitter scam which emerged in late February.

"Thousands of Twitter users were scammed into clicking on tiny URL links in the belief they would be told how many hours they had spent on Twitter," he said.

"They would be taken to a Web page and asked to allow a rogue application called Time on Twitter to connect with their Twitter accounts."

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CSO newsletter!

Error: Please check your email address.

Tags AVGsecuritytwitterphishingsocial media

More about ANZ Banking GroupAVG Technologies AUFacebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts