Yesterday, an awful lot of Twitter users following some of the winners and finalists from Britain’s Got Talent may have run into a number of dubious tweets leading to spam sites.

Accounts belonging to 2014 finalist Jon Clegg and a member of winners Collabro were both auto-posting Dr. Oz spamlinks:

[Image: Another compromise]

With a combined audience of some 26k, that’s a lot of recipients potentially clicking what looked like links being sent out by their favourite celebrities.

There were around 300 or so spamposts in one hour alone, the bulk of which were being sent from the same 15 or so accounts – with a large slice of compromised celebrity tweet action thrown into the mix for good measure:

[Image: Spam tweets]

The singer and comedian have already realised something is up and have started alerting their many followers not to click the links, so hopefully that will help to prevent any further spread via eager retweets from their fans.

Thankfully the links were “just” weight-loss spam sign-ups – if they’d been touting malware, it could have been a lot worse. Here’s an example landing page:

[Image: Garcinia page]

Show some caution when clicking on links, and give yourself a quick refresher on Twitter security best practices in the meantime. If you do, the judges will definitely put you through to the next round…

Christopher Boyd



Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.