Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Not a Twitter Experiment: Scammers Capitalize on Twitter Recommendations

Created: 03 Dec 2013 23:29:52 GMT • Updated: 23 Jan 2014 18:02:34 GMT • Translations available: 日本語
Satnam Narang's picture
+2 2 Votes
Login to vote

Yesterday, a number of Twitter users were duped into following fake Twitter accounts known as @VerifiedReport and @MagicReports. Both accounts claimed to be part of a Twitter experiment between users, news organizations, and journalists, and followed a number of Twitter users while tweeting the following, “This is a Twitter experiment. We are changing the way users interact with journalists and news organizations.”
 

Twitter Exp 1.png

Figure 1. MagicRecs notification about @VerifiedReport
 

Many users who discovered these accounts did so through a legitimate Twitter account known as @MagicRecs.
 

Twitter Exp 2.png

Figure 2. MagicRecs, an experimental Twitter account
 

MagicRecs is an experimental account developed by Twitter that “sends personalized recommendations as direct messages (DMs) when something interesting happens in your network.” This service was recently integrated as a feature in Twitter’s mobile applications, and Twitter states, “With this new feature, you’ll receive personalized recommendations when multiple people in your network follow the same user or favorite or retweet the same Tweet.”

Users who have used @MagicRecs swear by it, which is why it makes sense that scammers would try to create fake experiments as they tap into the credibility of the legitimate service.

Some users did question the validity of both accounts, while others, including Twitter employees followed them, especially after @MagicRecs recommended it.

 

 

Twitter has since suspended both of the accounts. However, there are some other suspect accounts that still remain active. These include @MagicFavs, @MagicSmacks, and @MagicSext, which was recommended by @MagicRecs and has nearly 1000 followers.

Symantec found that neither account attempted to send us links through direct messages. While it’s still unclear what these accounts were created to do, it serves as a reminder that scammers continue to experiment with new ways to scam unsuspecting Twitter users into clicking on links to steal login credentials or make money through affiliate program schemes.

When using a legitimate service like @MagicRecs, be skeptical about which accounts you choose to follow. Check to see if Twitter has verified the account, especially if it claims to be owned by Twitter. Remember, if it sounds suspicious, there’s a good chance that it is.