Avoid: "I just hacked my friend's account" Twitter spam

Avoid: “I just hacked my friend’s account” Twitter spam

We’re seeing references to a website which claims to let visitors hack Twitter feeds of their choosing. It is, of course, all highly technical and they can’t possibly reveal the secrets of how they do it – it just works.

Honest.

The site in question is

hacktwitterpassword(dot)com

Hack? Hack!

I just hacked my friends account with this website wow its worked for me thanks to [URL] Enjoy hacking

The site itself is very bare bones, and the creators seem to have missed the opportunity to make it look very convincing so we’ll roll with “functional at best”. Once the desired Twitter account handle is entered into the site, the would-be hacker is presented with lots of “Promote us now” type messages:

The hack begins...or does it?

They want to be shared on Facebook walls, along with having visitors hitting “Like” for both of their Facebook pages and a message sent to users of Twitter, Facebook, and Whatsapp:

Hack any Twitter account with this awesome website (Y) working 100% I just hacked my friends account wow it worked for me thanks to [URL] Enjoy hacking

The above message is actually too long to post to Twitter, but they tried I suppose.

Clicking the Get Password button brings up one of those “We’re doing something…honest” message rotations so beloved of sites such as these:

We got this

Please be patient...this may take about 15-30 seconds

If in 15 seconds you are not redirected to your hacked data click here

Our ever patient would-be hacker is taken to a Sharecheat(dot)com URL claiming to offer a pass.txt in return for one of the many surveys displayed.

Surveys!

While this doesn’t mean much, the MD5 for the “text file” has been listed on numerous other “something for nothing” style downloads. While it may well be a text file, there’s almost zero chance this is an actual, honest to goodness compromised Twitter password. You’re better off steering clear of account compromise websites like the above, because the only people benefiting from them are the site owners once you start clicking on adverts, filling in surveys and downloading files.

It’s also worth keeping in mind that many sites along these lines will sometimes ask for login credentials of your own so they can work whatever magic they claim to be weaving behind the scenes – in those situations, you’ve not only made some affiliate click cash for the scammer but handed them another oppurtunity to spam.

“Hack social media account x” websites have been around for a long time, and consistently fail to pony up the (stolen) goods. Don’t waste your time adding a few cents a pop into the pockets of somebody trying to get rich quick. At best, you’ll have wasted your time and lost a few friends due to spamming them with nonsense; at worst, you’ll have lost your account and / or have handed over your personal details to spammers, alongside installing programs you didn’t actually want.

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.