There is a scam that’s spreading virally on Twitter right now, claiming to show you how many hours you’ve spent on Twitter. Tweets come from already compromised accounts, so they will appear in your timeline as though they are from people you trust. Here’s what to look for and avoid.
**Update** It appears the initial attack has ended, but Sophos reports that the hackers might be trying a new angle using goo.gl links instead of bit.ly and hiding out within a new app called “How many hours”.
Sophos’ Naked Security Blog reported this scam today. It stems from a rogue application that takes control of people’s Twitter accounts to send out unwanted messages, which lure others into being affected and into filling out a time-wasting survey that gets money for the app creators.
There are several variations of the tweets being sent out. Sophos identifies at least three:
“I have spent 11.6 hours on Twitter. How much have you? Find out here: [LINK]”
“I have spent 10.6 hours on Twitter. How much have you? Find out here: [LINK]”
“I have spent 12 hours and 25 minutes Twitter in 2011. How much have you? Find out @ [LINK]”
If you see a tweet like these in your timeline, do not click on the link.
The link leads to a rogue application called “Time on Tweeter”. The application instantly sends out a tweet on the Twitter feed of those who have connected to the app with their Twitter account. The tweet will be similar to the ones above, and the compromised account owner will not know that it’s been tweeted.
Then, the app directs you to a survey which does not calculate how much time you’ve spent on Twitter. Instead, it generates money for the scammers if you fill it out.
If you’ve already given access to “Time on Tweeter”, Sophos suggests you revoke it immediately.
This scam is spreading fast, so be wary about clicking any links which claim to have measured how much time someone has spent on Twitter, even from those you trust.