Ah, Twitter phishing spam, don’t you just love it? We don’t normally post warnings about these things but quite a lot of people seem to be falling for this one so we’re dropping a friendly word to keep an eye out.
If one of your friends tweets: “i just loged in to new service where i can get ipad” via an app called “iPad Beta Testig”, don’t click through. If the poor spelling doesn’t give it away, the improbability that anyone would be giving away iPads to beta test when the thing’s been out since April should.
That said, it’s fooling a lot of people, and has been for the past few hours. We’re seeing about 20 tweets of the spam every minute via a Twitter search, in some cases the site sends a Direct Message out to followers too.
There’s no way we’re clicking the link to investigate but we’ve heard word that the link exploits an oAuth security hole that ends up sending out a tweet and/or DM without your permission. One victim told us that the site “Asks to connect Twitter account, and after that gives no indication it’s doing anything, but then sends out DMs and Tweets.” It appears to be a repeat of an attack that took place at the start of March.
Leave well alone – no free iPads here!