It is just another day at work. Everything is smooth until my very informative colleagues forwarded me a tweet they ran across where a Twitter user was added to a seemingly suspicious list:
This quickly aroused our attention, as a new phenomenon happening online. The trick is simple: spammers add your Twitter handle to their lists. This might sound trivial, but there is no limitation on doing so. In this particular case, the spammer uses a shiny title – “Miley Cyrus Sex Tape” – conveniently timed to recent trending news.
We decided to investigate a bit further and found some interesting results. The list owner (@MileyCyrusSexT3) has created many lists and added thousands of members to these lists — specifically, 21 lists with 91,383 members. What is interesting, is that this Twitter account itself was created today at 9:27am, only a few hours ago.
The spammer also embedded the spamming message in the description of the Twitter list. For example, in this case, this “Miley Cyrus Sex Tape” list had a bit.ly shorten URL ([hxxp]://bit.ly/MileyCyrusLeakedTape), which points curious readers to a web page that has a video that is covered by a service offer window—requiring visitors to subscribe to a service to unlock the video.
Once a user is added in a list by someone, he/she may receive a notification. Hence, many famous Twitter users may be flooded by tons of these adding notifications.
There is no way to block such activities, as Twitter allows users to create lists that can include any accounts, without any permissions (i.e., no need to follow them or get them to follow back). Detailed list usage is here.
We quickly checked a few other top Twitter accounts and found that there are at least three spamming campaigns going on right now using this technique: a) Miley Cyrus Sex Tape, b) Amazon Gift Money, c) Paypal Money Hack. See the following screenshots.
For now, the temporary solution is to manually block any lists owners who might add you to one of these suspicious lists.
This might work in the short term, but it certainly might become tedious for any Twitter users who may have been added to hundreds of lists.
To really resolve such an issue, Twitter needs to fight harder with spammers, and may consider adding restrictions on list creation or list additions.