Compromised Twitter accounts are once again being used by criminals to spam out adverts to unsuspecting users.
In the latest attack, Direct Messages (DMs) have been sent between Twitter users promoting a “make money fast” website.
A typical message looks like this:
I made $XXX today - check out how I made it
[LINK]
(In the examples we have had reported to us, the amount of money has varied)
Clicking on the link takes the unsuspecting recipient to a website which claims, in breathless tones, to help single mothers and teenagers to make “thousands of dollars” every day.
The likelihood is, however, that all that will happen is that you end up out of pocket if you invest in the site’s Home Wealth Formula.
Interestingly, the website tries to attempt to customise its content to appear more attractive to you. For instance, I visited the site from Sophos’s British HQ in Abingdon, Oxfordshire, and the website duly described itself as the “Abingdon Business Journal” (no such publication really exists).
But although it is trying hard to make its content more attractive to me, by pretending to be a report from my doorstep, it hasn’t gone to the effort of claiming i can earn British pounds rather than US dollars. The scammers just haven’t thought this through, have they?
Nevertheless, there will no doubt be Twitter users who trust DMs sent to them by their friends and may click on the link, and some of them may be tempted to sign-up for the scheme.
But what if you own one of the Twitter accounts which is spamming out the messages?
It seems likely that your account has been compromised as a result of one of the recent phishing attacks which have struck Twitter users.
Aside from changing your password, it would also make sense to scan your computer with an up-to-date anti-virus and check that you have the latest security patches in place.
If you want to be kept up-to-date on the latest security threats on Twitter and elsewhere on the net, follow me on Twitter.
Update: Thanks to Naked Security reader Eric, who brought to my attention that the spam messages are also being sent as classic messages, not just DMs.
Here’s an example: