Compromised Twitter accounts spam out money-making adverts

Compromised Twitter accounts are once again being used by criminals to spam out adverts to unsuspecting users.

In the latest attack, Direct Messages (DMs) have been sent between Twitter users promoting a “make money fast” website.

A typical message looks like this:

Twitter spam message

I made $XXX today - check out how I made it
[LINK]

(In the examples we have had reported to us, the amount of money has varied)

Clicking on the link takes the unsuspecting recipient to a website which claims, in breathless tones, to help single mothers and teenagers to make “thousands of dollars” every day.

Website promoted by Twitter spam message

The likelihood is, however, that all that will happen is that you end up out of pocket if you invest in the site’s Home Wealth Formula.

Interestingly, the website attempts to customise its content to appear more attractive to you. For instance, I visited the site from Sophos’s British HQ in Abingdon, Oxfordshire, and the website duly described itself as the “Abingdon Business Journal” (no such publication really exists).

But although it is trying hard to make its content more attractive to me, by pretending to be a report from my doorstep, it hasn’t gone to the effort of claiming I can earn British pounds rather than US dollars. The scammers just haven’t thought this through, have they?

Nevertheless, there will no doubt be Twitter users who trust DMs sent to them by their friends and may click on the link, and some of them may be tempted to sign up for the scheme.

But what if you own one of the Twitter accounts which is spamming out the messages?

It seems likely that your account has been compromised as a result of one of the recent phishing attacks which have struck Twitter users.

Twitter phishing page

Aside from changing your password, it would also make sense to scan your computer with an up-to-date anti-virus and check that you have the latest security patches in place.

If you want to be kept up-to-date on the latest security threats on Twitter and elsewhere on the net, follow me on Twitter.

Update: Thanks to reader Eric, who brought to my attention that the spam messages are also being sent as classic messages, not just DMs.

Here’s an example:

Spam tweet


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
