Twitter users, beware: there is a new scam spreading as you read this. Like most of the scams on Twitter lately, this one tricks you into giving an app permission to access your Twitter account, posts unwanted tweets, and attempts to get you to fill out a survey to get money for the scammers. More detail about exactly what this scam is, and how to avoid it, below.
First reported by Sophos’ Naked Security blog, the “Unfollow Me” scam operates like any other: it entices unwitting Twitter users into giving permission to a rogue app through a promise that it never fulfills, with the ultimate goal of getting users to fill out surveys for “prizes” that are never seen.
Tweets like this began appearing on Twitter this morning:
One dead giveaway that these tweets are scams, and not legitimate offers to show you how many people have unfollowed you, is that they all contain multiple trending-topic hashtags. Scammers often include these in hijacked tweets to get them in front of more eyeballs.
The link included in these tweets will take you to a page asking you to give permission to “Finder332” to access your Twitter account. The unsuspecting user would do this in order to see who unfollowed them, but this rogue app is only pretending to offer that insight – in reality, once a user has given Finder332 permission, it will start tweeting messages similar to the ones above from that user’s account, without the user’s knowledge. This is how the scam is spreading virally: users who allow the app to access their Twitter account are tweeting phrases like “34 people have unfollowed me. find out how many have unfollowed you [LINK]” without knowing it.
After giving the application permission, users are still strung along by the scammers, who present them with a page that looks like it will show them who has unfollowed them… but only after they fill out a survey. And although this survey promises prizes like an iPad 2, these prizes never materialize, nor does the number of people who have unfollowed a particular user. The survey, once filled out, gives the scammers some money, and the user is left with nothing to show for it other than rogue tweets posted to their account without their knowledge and a lot of wasted time.
Bottom line: Do not give this or similar applications permission to access your account. You should also notify any one of your Twitter friends who has posted a tweet similar to the examples above that their account might be compromised. If you or a friend has already given permission to this app, revoke it immediately by navigating to “Connections” within the “Edit Your Profile” menu of Twitter.com.