Another day, another round of diet spam on Twitter

Graham Cluley

Watch out on Twitter today, there’s a wave of spam being sent out.

Actually, scratch that. You should watch out on Twitter *every* day. Not a day goes past without spammers sending direct messages or posting public tweets designed to phish from the unwary or direct traffic to their money-making websites.

Here’s the very latest attack, promoting (quite blatantly) a diet with the message “Summers coming..” (Apologies to those in the Southern Hemisphere, for whom that message is clearly inappropriate.)

Tweets

If you click on the link you are taken to a webpage designed to sell “Miracle Garcinia Cambogia Beans” with the help of a video from Dr Oz, and a picture of French newsreader Mélissa Theuriau (although the webpage claims that she is a Women’s Health staffer called Helen Hasman).

Spammers webpage

The headline reads:

Lose 23 lbs of Belly Fat in 1 Month With This Diet Cleanse That Celebrities Use. Exclusive Offer for Readers.

There is no suggestion, of course, that Women’s Health, Mme Theuriau or Dr Oz are in any way connected with the spam campaign. Their names and images are presumably just being exploited by the spammers to help make some quick and dirty cash.

And, as you can see by the screenshot below of what happens when you try to leave the webpage, they are pretty pushy sales people.

Pushy sales message

If you find that one of your Twitter accounts has been sending out spam messages like these, change your password immediately. Furthermore, if you use the same password elsewhere online, change it there as well. It’s important that you never use the same password in multiple places, and that you ensure your passwords are hard to crack or guess.

You should also check which third-party applications you have connected to your Twitter account, and revoke permissions for any that you don’t need or that look suspicious.

Don’t feed the spammers, and don’t help them get fat by buying goods sold via social networking spam.

Further reading: “About the Twitter diet spam”, an examination of the campaign by Finnish security researcher Janne Ahlberg, who has also described similar attacks affecting Pinterest and Tumblr.

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s, when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Another day, another round of diet spam on Twitter”

  1. Hi. I found my account was compromised so I changed my
    password immediately. I'm desperately trying to figure out
    how my account could've been compromised. I never visit
    suspicious websites and the only apps I have authorised on my
    Twitter account are legit companies. Apple, Instagram, LinkedIn,
    Camera+, Soundcloud, dlvr.it, Tapbots, Disqus. That's it!
    No other apps and I only access my accounts from my own devices.
    Mac at home, Macbook, iPad app and iPhone app?
