Oscars scam: Twitter bots spread links to gift card scam sites

Oscars bot campaign on Twitter targeted celebrities

Oscars scams 2018

Twitter bot campaign started on Oscars night and lasted until the morning. Scammers targeted celebrity accounts who tweeted about Academy Awards 2018. Fake accounts posted a link to a gift card scam website that asked to enter personal information in order to claim the prize.

According to the analysis, the malicious link was clicked more than 68,000 times.[1] The obfuscated link pretended to be a Tumblr page called fixyourselff.tumblr[.]com. However, this link redirected to scam website which promised a gift if people enter their personal information.

However, the first scam tweets were spotted before the Oscars night. Scammers just used new tactics and current event to launch more successful attacks. It is said the first link was posted on February 26. Since then malicious links were clicked 277,000 times.

Jordan Peele, Khloe Kardashian, and Ellen DeGeneres were targeted by bots

On March 5, Jordan Peele tweeted about winning an Oscar. The bot called “JordanPeele__” immediately responded with a message followed by the fraudulent link:

Love you guys, here's a gift from me –> bit.ly/xxx

The link redirected to a gift card scam website where users had to enter personal information to get a promised present from Jordan Peele. However, they never received it. Meanwhile, attackers obtained valuable information from the users.

Other Twitter bots, like “@GaIGadot____,” were replying to several celebrity tweets tricking their fans that he or she expresses gratitude and wants to give something for free. Among the targets were Khloe Kardashian and Ellen DeGeneres.

By targeted famous people social media accounts, attackers can reach millions of fans and followers who might easily fell for the hoax. The trick used by scammers is quite simple. They create identical accounts by stealing and using user’s profile picture and profile information.

What is more, no one checks the name of the user account who tweeted and replied to a tweet. The profile picture tricks that it’s the same person. Additionally, scammers are aware of Twitter’s weak spot – they are unable to fight bots effectively on the social network.[2]

Twitter struggles with bot detection

Twitter’s problem with bots is known for a while. However, the company states that fake accounts take up only 5% of all users. But the study gives higher numbers. According to the research,[3] bots include 15% of the social network’s users. It’s hard to tell which data is real. However, the problem remains and Twitter admits it.

Fake accounts on social networks are used for spreading malware or hoaxes like Oscars scam. However, cybercriminals are not the ones who take advantage of bots. These accounts are also used in politics[4] and advertising business.

While some bots try to shape debates or opinions on specific political topics, others help to build the following list and profit from influencer marketing or other forms of online advertising.

Recently, an American company called Devumi was accused of social media fraud.[5] However, the company declined that they offer to buy Twitter followers, video views on YouTube or even endorsements on the business- and employment-oriented social network LinkedIn.

Though, a New York Times investigation claims[6] that Devumi owns and sells at least 3.5 million automated accounts. Such services seem needed too. Among company’s customers are reality TV stars, models, athletes, and many other famous people.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions

References
Files
Software
Compare