Twitter Phishing Scam: FIND OUT WHO STALKS YOUR TWITTER! THIS NEW APP ROCKS!
There is an ongoing phishing scam targeting Twitter users. This scam follows a familiar lure: profile/page stalking.
FIND OUT WHO STALKS YOUR TWITTER! THIS NEW APP ROCKS! http://[redacted]
The link that's included in the tweet directs the user to what looks like a legitimate Twitter Application.
This page borrows the same template that is used to authorize Twitter applications legitimately. The scammers have made a few changes here, such as inserting a bullet point for "View Who Is Stalking Your Twitter" as well as informing the user that this application will no longer be able to access direct messages after June 30th, 2012. Legitimate Twitter applications recently lost permission to access direct messages on June 30th, 2011, which required users to re-authenticate these apps.
Users who enter their Twitter logins will have their credentials phished, and their followers will see the same tweet shown above.
The scam continues by redirecting users to a fake page to give it some authenticity. The usernames associated are made up and do not represent any type of stalking activity.
Upon further investigation, I was able to determine that the scammers are using the same user interface elements as a legitimate Twitter application called TweepSect.
Here is an example of TweepSect analyzing a Twitter profile:
REMEDIATION
If you or someone you know fell for this scam, the most important thing to do is change your Twitter password: http://twitter.com/settings/password
Whenever you come across scams like these, report them to Twitter and warn your friends and followers about them. You can reach out to Twitter's Safety team by sending a reply to @safety.
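Because the fake page copies Twitter's authorization template, the address bar is the dependable difference between it and the real one. The following is an added example, not part of the original post, that checks whether a page asking for a Twitter login is actually served by Twitter; the host allowlist and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts that serve Twitter's real login and app-authorization pages.
TWITTER_HOSTS = {"twitter.com", "api.twitter.com"}

def check_login_page(url):
    """Return (ok, reason) for the address-bar URL of a page asking for a Twitter login."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None or parts.password is not None
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if has_userinfo:
        # https://twitter.com@other.example/ really loads other.example
        return False, "userinfo before '@' disguises the real host"
    if port not in (None, 443):
        return False, "unexpected port"
    if host not in TWITTER_HOSTS:
        # Exact match only: a host that merely starts with "twitter.com" fails here
        return False, "host is not Twitter: " + host
    return True, "ok"

# Constructed sample URLs (not taken from the scam itself).
SAMPLES = [
    "https://api.twitter.com/oauth/authorize?oauth_token=EXAMPLE",
    "http://twitter.com/oauth/authorize",
    "https://twitter.com.stalkers.example/oauth/authorize",
    "https://twitter.com@stalkers.example/oauth/authorize",
]

def triage(urls=SAMPLES):
    """Map each URL to its (ok, reason) verdict."""
    return {u: check_login_page(u) for u in urls}

if __name__ == "__main__":
    for url, (ok, reason) in triage().items():
        print("OK  " if ok else "FAKE", url, "-", reason)
```

Run the check against the URL shown after all redirects have completed, since that is the page that receives the password.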