Twitter link scams grow in complexity?

It’s always gratifying to have someone reply to your tweets. But not, however, if they don’t actually exist – as I started to find out a few weeks ago. To whit: a response I received to a twitter comment – here it is – was repeated four days later. Another Twitter response has been repeated twice by different Twitter ‘users’.

Now, call me a cynical old hack (it won’t be the first time) but I sensed something fishy going on. When I looked at the accounts in question however, they appeared kosher – at least at the outset. Genuine-ish sounding names, genuine-looking photos and profiles, tweets that looked human. and only a small number of shortened URLs.

Looking more closely however, things became more fuzzy. That @richardarguinem chap – why is the photo of a woman with a baby? And why was @jesusbig4, a Miami resident, tweeting about George Osborne’s benefits claims?

On inspection it quickly became apparent that these were not real people, but rather, Twitterbots that were taking other peoples’ tweets and adding them to their own streams of automated consciousness. And here’s the ‘clever’ bit: shortened URLs were included only every now and then, but when there, they linked to shopping sites.

So, is this just another example of link bait using the latest social tool? Yes, in part. The links I tried (using a sandbox virtual machine) went through to game sites or lifestyle questionnaires, both of which presumably have some kind of affiliate relationship. In other words, nothing particularly illegal, though potentially lucrative.

Is it really that bad, apart from clogging up the twittersphere? Again, yes, in part. A number of risks arise from what might be just an initial foray into even more complex Twitter scams. It would be easy, for example, to tap into popular hashtags or even read users own bios and tweets, and send people in related directions – to download the referenced film, for example, or respond to an associated survey.

Equally, just because linked sites aren’t dodgy now, there’s nothing to stop them being so in the future. I wouldn’t put it past a URL scammer to link to a scareware site -“Your computer has been infected, please download the patch” etcetera.

What to do, apart from being vigilant and keeping genuine ‘shortened URL’ protections in place? Most of all, each one of us has a role in reporting such twitterbots – remember that they rely on looking similar to the real thing, so if one is left unreported for a few weeks, it becomes harder to spot.

No less important is education – for example by broadcasting names of Twitterbots and telling people what they are up to. It’s a shame nobody has come up with an automated tool which enables twitterbot followers (there are some, it’s easily done) to be informed about their error, so they too can do something about it.

The bottom line is that hackers follow the money, so where there’s opportunity, it’ll be taken. Awareness is perhaps the best weapon we have.

 

Postscript: I happened to leave a Twitter search on the term “touchpad” going as a Tweetdeck column. It’s pretty obvious where the linkbait is happening – and what Twitter could do about it – not least, looking for multiple RT’s on tweets more than ten days old. Just sayin’…