Scammers are taking advantage of recent Super Bowl social buzz in a scheme that targets entrants of an Esurance contest. The company premiered a commercial following Super Bowl, where they offered US$1.5 million to one lucky Twitter user who used the hashtag #EsuranceSave30. Following this, Symantec Security Response has observed a number of fake Esurance Twitter accounts being created to leverage the attention generated by this contest.
Many of these Twitter accounts used variations of Esurance’s brand name and logo to convince users they are affiliated with the company. These accounts include the following Twitter handles:
There are also other accounts that use logos and imagery making them look like they belong to Esurance, but their names have nothing to do with the brand. An example is an account named @HelpfulTips, whereby the “l” in Help is the capitalized letter “i”.
This account, created in December 2012, has racked up thousands of followers but performed an “account pivot” during the contest – it changed its avatar, bio and header image, and claimed to be part of the Esurance giveaway. The account added thousands of Twitter followers and received more than 40,000 retweets overnight for a tweet related to the contest.
Figure 1. Twitter account that claims to be associated with the Esurance giveaway
Earlier this afternoon, it performed yet another account pivot – after gaining enough followers from the Esurance tweets, it reverted back to a LifeHacks account.
Figure 2. Fake Esurance account pivots back after gaining thousands of followers
Many accounts of such nature focus on gaining retweets and followers, but Symantec has identified further abuse. For example, one of the fake Esurance accounts has asked its followers to donate money to increase their chances of winning the contest.
Figure 3. Twitter account asking for donations to increase chances of winning a contest
This campaign was shut down quickly, but already received US$261 in donations by then.
These accounts could also be used to send phishing links to followers, asking them to login to Twitter to earn more entries in the contest.
Why are these accounts being created in the first place? By riding on the popularity of the contest and the hashtag, some of these accounts have gained anywhere between 1,000 to 100,000 followers. After that, the owners of these accounts are able to sell these fake accounts to individuals who are looking for accounts with real Twitter followers instead of fake ones. This can then be used for affiliate spam.
As more brands use Twitter for marketing purposes, Symantec advises users to look for and follow updates and contest rules from Twitter accounts that are “verified” and/or officially associated with the brand. In this case, Esurance has provided a set of official rules and frequently asked questions on their website.
If you suspect an account is attempting to mislead users on Twitter, you can report the account to Twitter.
To learn more about social media scams, follow Symantec Security Response team on @threatintel and read our blogs on previous Twitter scams: