Monday, June 25, 2012

StalkTrak App Phishing Scam Steals Twitter Login Information

Are you dying to know who’s checking out your Twitter timeline?

Contrary to what the fake Twitter authorization page may say, the “StalkTrak” app does not show you a list of your Twitter “stalkers.”

No, instead it will steal your Twitter login, send that off to the soon-to-be new owners of your Twitter account and show you a bogus list of those that allegedly lurk on your Twitter profile to distract you in the meantime.

How the StalkTrak App Phishing Scam Works

  1. Your personal invitation to be scammed comes in the form of a DM reading something like this:
    Check this app out [SHORT LINK] it displays anyone that has viewed you on Twitter!

  2. Once you click on the link, you will be taken to a spoofed Twitter app authorization page that hopes your desire to find out who’s checking you out on Twitter is enough to get you to enter your Twitter account login credentials.

    (Note the funky domain name that almost looks like it’s meant to mimic the domain, but not quite.)

  3. Your login information is sent off to the cybercrooks and you’re redirected to a fake page displaying a list of Twitter users divided into three columns named “Mutual”, “Stalking” & “Stalkers.”

    (Btw, I know this isn’t an actual working app because I entered fake Twitter login credentials on the authorization page and yet I was still taken to the “results” page. I’d imagine it would be difficult to give me a list of my stalkers if you don’t have my real Twitter name, yes?)
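
The domain check that step 2 hints at, written out as an added example (it is not part of the original post): it classifies the address of the page that is asking for a Twitter password, which is the page reached after the short link has redirected. The trusted domain `twitter.com`, the edit-distance threshold of 2 and the `.example` hosts used in testing are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "twitter.com"  # assumption: the only domain that should ask for the password
BRAND = "twitter"
MAX_DISTANCE = 2                # assumption: how close a misspelling must be to count as a mimic


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete a character from a
                           cur[j - 1] + 1,              # insert a character into a
                           prev[j - 1] + (ca != cb)))   # substitute (free if equal)
        prev = cur
    return prev[-1]


def classify_login_url(url):
    """Return 'genuine', 'lookalike' or 'unrelated' for a page requesting credentials."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # Genuine only if the host is the trusted domain itself or one of its subdomains.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "genuine"
    # On any other host, a label that contains or nearly spells the brand is a mimic.
    for label in host.replace("-", ".").split("."):
        if BRAND in label or edit_distance(label, BRAND) <= MAX_DISTANCE:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; none of them is taken from the scam described above.
    for sample in ("https://twitter.com/oauth/authorize",
                   "http://tvvitter.example/oauth/authorize",
                   "http://twitter.com.login.example/authorize",
                   "http://news.example/article"):
        print(classify_login_url(sample), sample)
```

A "lookalike" result on a page asking for a password is the signal to close the tab rather than log in.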

Now that we’ve blown the cover on this phishing scheme (which has been around for months, apparently), what shall we do about it?

What to Do if You Get a Phishing DM on Twitter

If you’re ever sent a DM that claims that you can find out who’s stalking you or that there’s someone spreading rumors about you, it is recommended that you:

Have you received any messages on Twitter urging you to check out the StalkTrak app? So far we’ve received two, but they were from the same user.
