Another day, another round of diet spam on Twitter

Watch out on Twitter today, there's a wave of spam being sent out.

Actually, scratch that. You should watch out on Twitter *every* day. Not a day goes past without spammers sending direct messages or posting public tweets designed to phish from the unwary or direct traffic to their money-making websites.

Here's the very latest attack, promoting (quite blatantly) a diet with the message "Summers coming.." (Apologies to those in the Southern Hemisphere for whom that message is clearly inappropriate.)

Tweets

If you click on the link you are taken to a webpage designed to sell "Miracle Garcinia Cambogia Beans" with the help of a video from Dr Oz, and a picture of French newsreader Mélissa Theuriau (although the webpage claims that she is a Women's Health staffer called Helen Hasman).

Spammers webpage

The headline reads:

Lose 23 lbs of Belly Fat in 1 Month With This Diet Cleanse That Celebrities Use. Exclusive Offer for Readers.

There is no suggestion, of course, that Women's Health, Mme Theuriau or Dr Oz are in any way connected with the spam campaign. Their names and images are presumably just being exploited by the spammers to help make some quick and dirty cash.

And, as you can see by the screenshot below of what happens when you try to leave the webpage, they are pretty pushy sales people.

Pushy sales message

If you find that one of your Twitter accounts has been sending out spam messages like these, change your password immediately. Furthermore, if you use the same password elsewhere online, change it there as well. It's important that you never use the same password in multiple places, and that you ensure your passwords are hard to crack or guess.

You should also check which third-party applications you have connected to your Twitter account, and revoke permissions for any that you don't need or that look suspicious.

Don't feed the spammers, and don't help them get fat by buying goods sold via social networking spam.

Further reading: "About the Twitter diet spam", an examination of the campaign by Finnish security researcher Janne Ahlberg, who has also described similar attacks affecting Pinterest and Tumblr.


One Response

  1. Ruvann Beukes

    October 7, 2013 at 8:43 am

    Hi. I found my account was compromised so I changed my
    password immediately. I'm desperately trying to figure out
    how my account could've been compromised. I never visit
    suspicious websites and the only apps I have authorised on my
    Twitter account are legit companies. Apple, Instagram, LinkedIn,
    Camera+, Soundcloud, dlvr.it, Tapbots, Disqus. That's it!
    No other apps and I only access my accounts from my own devices.
    Mac at home, Macbook, iPad app and iPhone app?
