A new Twitter scam features a fake video of President Obama punching someone for insulting him, all designed to steal passwords and push malware, Internet security firm PandaLabs has noted today. The microblogging site’s users are advised to ignore a direct message asking them to click a link to watch the clip.
Spammers are also creating fake pages designed to mislead unsuspecting victims. The scheme uses the likes of Facebook, YouTube and Twitter for disgraceful purposes, according to PandaLabs.
The direct message, reading “Check out Obama punch a guy in the face for calling him a n*****,” accompanies a link that begins with a Facebook.com prefix and leads to a fake Facebook page asking for a Twitter user’s credentials.
“Every time you receive a direct message, you should check with the sender that they have knowingly sent it to you,” Luis Corrons, technical director of PandaLabs, said in a post. “Make sure it has not been automatically forwarded to you from a hacked account. As a general rule, always keep your antivirus software up to date and be wary of messages offering sensational videos or unusual stories as, in 99 percent of cases, they are designed to compromise user security.”
Spammers later use the credentials to hijack the link-clicker’s account, continuing the vicious cycle by sending messages to the victim’s Twitter contacts. Once the link-clicker has surrendered his Twitter credentials, a fake YouTube-app download message appears, reading “an update for YouTube Player is needed” and presenting an install button.
If the button is clicked, a worm, capable of infecting the computer and stealing personal data, is downloaded.
The scam is a variation of one that has been spreading, according to CNET, through direct messages that pair a malicious link with text such as: “What exactly do you think you’re doing on this video clip”, “Hello this guy is saying bad rumors about u…” or “Did you see this pic of you?”