Attention Twitter users! Be on the lookout for a new spam campaign that claims you can hack your friend's account.
Christopher Boyd, a malware intelligence analyst at Malwarebytes, explains in a blog post that the spam messages direct would-be hackers on Twitter to the following website: hacktwitterpassword[dot]com.
Once the visitor enters a Twitter handle into the site, they are asked to help promote the service by sharing its website on their Facebook wall, liking both of its Facebook business pages, and sharing a promotional message on Facebook, Twitter, and WhatsApp.
"Hack any Twitter account with this awesome website (Y) working 100% I just hacked my friends account wow it worked for me thanks to [URL] Enjoy hacking"
The message won't fit in a tweet, but it'll work in a DM and countless other social media posts.
After "retrieving" the submitted Twitter handle's corresponding password, the website generates a file named pass.txt.
But there's a catch. Visitors to the site will not be allowed to read that file, which is almost undoubtedly NOT someone's hacked Twitter password, until they choose to complete a survey.
There are so many things wrong with this spam campaign.
First, a Twitter user has no business looking for ways to compromise other people's accounts.
Second, that aspiring bad actor makes the mistake of placing their trust in a questionable website, where they decide to fill out forms, click on links, download files to their computer, and in some cases even enter login credentials for their own account. Bad idea, especially if they are attempting to compromise someone's account and not get compromised themselves!
Boyd explains that scams have disguised themselves as ways to hack social media accounts in the past, knowing there is an eager audience keen to learn how to do it:
"“Hack social media account x” websites have been around for a long time, and consistently fail to pony up the (stolen) goods. Don’t waste your time adding a few cents a pop into the pockets of somebody trying to get rich quick. At best, you’ll have wasted your time and lost a few friends due to spamming them with nonsense; at worst, you’ll have lost your account and / or have handed over your personal details to spammers, alongside installing programs you didn’t actually want."
If you come across a message belonging to this spam campaign, hover your cursor over the tweet in question, click on the three circles displayed horizontally towards the bottom of the tweet, and report the message to Twitter's anti-spam center.
Additionally, make sure you stay on the lookout for these other Twitter spam campaigns.