MoMusings

I’ve no idea how many of you out there in blog-land use Twitter, but I’d guess quite a few of you do?

As a relatively new Twitter user, I’ve not seen much of the problems that Twitter has experienced over the last year, including account hacking, phishing, 419 scams, worms and other malcode problems. One area that seems (at least to me) to have been rather quiet has been spam via Twitter.

Until the last week or so, I’ve never received any. I’d be interested to know how many of you out there in blog-land who use Twitter have seen similar things to what I’m about to discuss.

I don’t think there is a specific name for Twitter spam, so I’ve coined one; Twam.

I’m sure the more creative of you out there can come up with something better?

Let’s have a look at a couple of examples I’ve seen in the last week or so:

1. The Vote For Me Twam
I received the following notification and when I checked out the profile for that user all their tweets were requests to vote for them in some beauty pageant.

As you can see at the time I was sent this they had a fair few followers and were following (Twamming) lots of other Twitter users. when I checked this particular account again this morning, it was still active and still only begging for you to vote for her at 60P per text no less! The number of followers now stands at 343 and she is following (Twamming) 1,986 other Twitter users.

2. The Porn Advertising Twam
I received the following notification just this morning and when I checked out the profile for that user they only have one tweet with a link to a porn site! So.they seem to be using Twitter to advertise their porn site.

Shortly after receiving the above notification, I received another using the same name, but from a different Twitter account. Their feed was exactly the same as the first one I received just 30 minutes earlier.

When I just checked both of these accounts (before publishing this) that were advertising a porn website they have now been closed by Twitter.

Needless to say I have blocked these Twitter accounts, as I don’t want to see what they offer and I don’t want to give them any credibility by being seen as being followed by them.

I wonder if this is the start of a major spam (twam) attack on this social networking site? I wouldn’t be surprised as this fate has already befallen FaceBook, Myspace and many other similar sites.

For those of you who are interested in following me on Twitter (no not you spammers/twammers) you can easily find me via my name or my Twitter account which is talkytoaster.

If you spot anything interesting feel free to send me a Tweet or a Direct message.

Take care and happy Tweeting.

I’d like to start this post with an apology [yes, again] as I have been rather slack in posting for quite a few weeks now. This has been due to a number of issues beyond my control including yet another change in my role. I still hope to post material here as often as I can, but it probably won’t be as frequent as it has been. So, to try and start the ball rolling once more I have the following phishy tale for you to enjoy.

Here’s a new one I’ve not seen before, the following e-mail arrived in my ‘Phish‘ inbox late last night [screenshot below]:

That’s nice if I answer just seven questions in a simple survey I will get £25…..I smell a phish, so what do we see when I click on the link?

Hmmmmm…..looks pretty good, quite believable wouldn’t you say?

So, let me see what happens when I fill out the details with bogus data. First let me enter some bogus data for the survey and then click on submit. This is where I’m taken too next:

Aha…..Just as I suspected, this is a phish, as it wants personal data and my credit card data, including the CVV so that the promised £25 can be credited to my card, yeah right. So, let me enter in some more bogus data and click on the Submit button again.

I particularly like the mis-use of the MasterCard SecureCode,VeriSign and Verified by Visa logos, just trying to make you feel secure, how reassuring, eh?

The final page [shown above]informs me that my data has been entered correctly [yeah right!] and that I should see my £25 credit payment on my credit card within 3-5 businees days. More like my credit card will be misused or sold on to others to misuse within 3-5 businees days! Oh, and then I get taken to the real McDonalds UK website, nice

So, it seems that I was right to be suspicious, in fact a quick look at the link in the original e-mail made it obvious to me that this was a phishing scam.

The interesting thing about this Phishing attempt is that this is the first time I’ve seen one targeting McDonalds in the UK.

So, if you are an McDonald’s customer, or think that you’d like £25 for free, be on your guard as it seems that the phishers are now spending significant amounts of their time to finely target their potential victims and try and get you to disclose your details….

As a final note, the Netcraft toolbar plugin which works with Internet Explorer and Firefox now has the domains used for this phish in their database. So, install it and use it, it could save you from making an expensive mistake!

I received an e-mail yesterday asking me to take part in a survey that Walmart were apparently carrying out to gauge customer satisfaction. A screenshot of the e-mail I received appears below:

So, even though I am not and never have been a Walmart customer, let me see where we go if I click on the link provided, as if I were a Walmart customer. This is where I ended up:

Looks like a very typical web based survey, so what happens when I fill in the details and then click on the proceed button at the foot of the survey page? This is where I ended up next:

OK, so they want some more personal details now, they already have my phone number and e-mail address. Now they want my credit card number, expiry date for it and…….my CVV and ATM pin…..hmmmmm; can anyone smell something ‘phishy’ yet?

Yes, this is a phishing scam, squarely targetted at Walmart customers that will be fooled into believing that they will recive 150 US Dollars for filling out the survey and supplying their credit card details. In a few days they will get a surprise, but not the pleasent one they were expecting. Instead of having money credited to their account, they will have lost money through bogus purchases. It may even be worse, their account could be cleared out via ATM withdrawals, or even overdrawn, leaving them with a large bill to pay [unless their bank covers phishing scams and related things] . In the worst case scenario the personal details they gave could be used for identity theft so that loans or mortgages could be set up using the stolen details, leaving the victim with the bills and the resulting damage to their credit rating.