A scam called Who Viewed Your Profile has reached Australian Twitter users, with unsuspecting victims clicking on a convincing-looking third-party application.
Once the application had access to a user's account, it started sending out a post from that account which read ‘I just viewed my top 10 stalkers’ and included a shortened website link.
Another message it posted was ‘I can’t believe my ex is one of my top 10 stalkers.’ Followers or other users who clicked on the link were urged to connect with the same third-party application.
While links used by the scam on the social networking site were blocked by URL shortener Web site bit.ly, some Australian users were affected on 7 March.
AVG ANZ security evangelist Lloyd Borrett said in a blog post that the application's message suggested users would be told about the top people visiting or viewing their profile. He said the company was still determining the origins of the scam.
“The shortened URL link takes them to a Web page where they are asked to accept yet another rogue application,” the post reads. “Of course, you never do find out who has actually viewed your Twitter profile.
“You’ve just helped the bad guys spread their scam, and maybe been deceived into giving them some of your hard-earned money by completing surveys.”
He added that users who have clicked on any similar links and authorised the application to access their account must go to their account settings and revoke its access.
“To be safe, you should also change your account passwords as well. It’s vitally important that you always exercise extreme caution about which third-party applications you allow to connect with your Twitter, Facebook and other social media accounts,” he said.
Borrett said the scam follows in the wake of a similar Twitter scam which emerged in late February.
"Thousands of Twitter users were scammed into clicking on tiny URL links in the belief they would be told how many hours they had spent on Twitter," he said.
"They would be taken to a Web page and asked to allow a rogue application called Time on Twitter to connect with their Twitter accounts."
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU