Twitter users have been seeing a strange phenomenon in their mentions inboxes: Alerts that they are being added to lists by some very oddly named entities–something like “Paypal Money Adder added you to the list PayPal Money Adder 2013.” In some cases the same Twitter handle may be adding other users to the same list several times over. It’s a new spamming effort.
The list adds, which may seem to come from a reputable company like Facebook or PayPal, are a simple attempt to get users to click on the spammer’s Twitter handle and then, finding not much info or just a plain URL, to click on to a website the spammer would like you to visit. Considering typical spammer tactics, the ultimate URL may be a site that’s posing as another in order to phish for your user data, or perhaps to inject malware onto their target’s machines.
Spammers have long used Twitter’s @mentions to bombard users with enticing URLs, and Twitter quickly got wise to the trick, so it added a “report spam” button that’s relatively easy to find and activate. But reporting the lists spam requires a few more steps. While these lists are showing up in people’s inboxes, there’s always the chance someone will click on them and fall for the attack–ultimately earning the spammer money.
Twitter hasn’t made any announcement on the matter yet, but considering its earlier responses to spammers, and that it would prefer not to have such unpleasantness on its social network as it prepares for an IPO, we can guess that the team is working on a fix. Until then, be vigilant and avoid clicking on URLs that you’re not confident about.