At least 10,000 Twitter users fell for a scam that spread like wildfire across the social networking site early today.
Quick action by link shortening service bit.ly – as well as thousands of people retweeting warnings – brought the scam attack under control in a few hours.
Graham Cluley of security company Sophos raised the alarm early this morning, after being alerted by one of his contacts.
The scam message said: “I have spent 11.6 hours on Twitter. How much have you? Find out here.”
Clicking the accompanying bit.ly link, then the “Allow” button on the next page, did not tell you how much time you had spent on Twitter. Rather, it gave the scam app access to post a tweet in your name, repeating the same message and spreading the scam link further.
Techland contacted Cluley for an update.
He said: “According to the bit.ly statistics, the link was clicked at least 10,000 times. But other links that were used as variants of the scam started to spread, so the total figure was probably higher than that. It was largely under control before American timezones woke up, because the people at bit.ly noticed and de-activated the links the scammers were using.”
What are the scammers after? Your clicks. The whole thing is an attempt to lure people to a survey page which earns money for visits.
Cluley’s in no doubt that this is the tip of an iceberg. “It’s amazing just how fast this one spread. In the time it took me to take a screenshot, there were 400 more search results.
“There’s potential for many more scams like this in future, in other disguises.”