Spammers will take advantage of Twitter’s enablement of user targeting by UK brands, warns information security firm Sophos.
Sky has already used the promoted tweets feature to promote the return of TV show 'Glee' to UK screens. To increase awareness of the show, Sky used the Twitter account @gleeonsky and paid for the hashtag #gleeonsky to be promoted as a trending topic to tweeting Brits.
When hashtags are advertised on Twitter, spam accounts are set up specifically to distribute messages containing the hashtag. In this instance, spam tweets tagged #gleeonsky encouraged users to click on malicious links.
“Even if a hashtag or a tweet is sponsored, Twitter users should be wary about clicking on unknown links, just as they would be in their inbox,” says Sophos senior technology consultant Graham Cluley. “Most spammed tweets are claiming to link to sites containing illicit celebrity photos, but the spammers can choose to redirect users to any webpage they choose once they’ve clicked on a link. It could be a phishing site designed to steal Twitter credentials, it could be a fake pharmacy, it could be an explicit or offensive site, or it could be a website harbouring malware.”
Promoting hashtags on Twitter and making them trending topics can cost companies considerable amounts of money. Sophos warns Twitter that firms will not take kindly to their brand being associated with spam, scams, and malware, especially when they are paying for the special promotion.
"As more and more people fall in love with Twitter as a way of communicating, cybercriminals are abusing the service to put money in their own pockets," adds Cluley. "No company wants to have its brand tarnished through association - so it's time for an advertising-supported Twitter to grow up and get more serious about stopping spam."
Sophos has called on Twitter to get more serious about protecting its users and paying corporate customers against malware and spam.