Published on June 4th, 2014 | by admin

Scammers Abuse Twitter Features, Trick Thousands with ‘Follower’ Scheme

4 June 2014, Sydney, AUSTRALIA – A series of enhanced follower scams has tricked thousands of Twitter users after a group abused the platform’s authentication system, TweetDeck and Trends section, antivirus software provider Bitdefender warns. The security company reported the scams and notified the micro-blogging company of the dangerous web sites, which are massively promoted through Twitter Trends. 

The `entrepreneurs,’ who may be from Turkey, are profiting from users’ eagerness to gain visibility on the platform. In the past month, they have registered dozens of similar web sites with top level domains such as “.com”, “.net” and “.us”. The cyber-group offers free or paid Twitter followers in exchange of users’ authentication tokens.

Those who click on the ‘free’ option get 20 followers at the blink of an eye – both legitimate users and bots. However, they are also subscribed to the system without their knowledge, so they can follow 100 other users as well.

“While Facebook scams promising new likes are just silly baits, these Twitter scams really deliver what they claim – tens of new followers that are willing to ‘adore’ what you tweet,” Bitdefender Chief Security Strategist Catalin Cosoi said. “It’s somehow ironic that there is a price to pay even in the ‘free’ version, as they get away with your authentication token. The merchandise is actually YOU.”

To hijack the accounts, scammers abuse the legitimate TweetDeck application that allows users to sort content on the micro-blogging platform. To get new followers, users have to authorise the app, which may post on their behalf, see who they follow and follow new people. In the process, scammers make away with the tokens and receive TweetDeck’s permissions without users’ knowledge.

The follower web sites are also loaded with commercials for dubious games, torrents and software downloads, and some trick users with malvertising.

In April 2013, a research team discovered the Twitter OAuth feature in the application programming interface (API) can be abused to hijack accounts. Access tokens allow scammers to perform several actions through the Twitter API without a password. Attackers may post new tweets on behalf of the hijacked accounts, read and send private messages, and change users’ location without their knowledge.


Bitdefender advises users who were tricked with this new follower scam to uninstall TweetDeck and reauthorise it. They should also run a security scan to check for malware on all the devices they used to log into Twitter.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the Author'

Back to Top ↑