Contrary to what the fake Twitter authorization page may say, the “StalkTrak” app does not show you a list of your Twitter “stalkers.”
No, instead it will steal your Twitter login, send that off to the soon-to-be new owners of your Twitter account and show you a bogus list of those that allegedly lurk on your Twitter profile to distract you in the meantime.
How the StalkTrak App Phishing Scam Works
- Your personal invitation to be scammed comes in the form of a DM reading something like this:
Check this app out [SHORT LINK] it displays anyone that has viewed you on Twitter!
- Once you click on the link, you will be taken to a spoofed Twitter app authorization page that hopes your desire to find out who’s checking you out on Twitter is enough to get you to enter your Twitter account login credentials. (Note the funky domain name that almost looks like it’s meant to mimic the Twitter.com domain, but not quite.)
- Your login information is sent off to the cybercrooks and you’re redirected to a fake page displaying a list of Twitter users divided into three columns named “Mutual”, “Stalking” & “Stalkers.” (Btw, I know this isn’t an actual working app because I entered fake Twitter login credentials on the authorization page and yet I was still taken to the “results” page. I’d imagine it would be difficult to give me a list of my stalkers if you don’t have my real Twitter name, yes?)
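The domain check from the second step, as an added example that is not part of the original post: a small Python classifier that decides whether the host of a landing URL really belongs to twitter.com or only resembles it. The `.example` hostnames and the substitution table are constructed for illustration; the scam's actual domain is not reproduced here.

```python
from urllib.parse import urlsplit

LEGIT = "twitter.com"   # domain of the real authorization page
BRAND = "twitter"
# Constructed table of common look-alike substitutions (not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "i": "l", "vv": "w", "rn": "m"}

def skeleton(label):
    """Collapse visually similar characters so 'tvvitter' matches 'twitter'."""
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'twitter', 'lookalike', 'other' or 'invalid' for a landing URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Only the exact domain or a true subdomain counts. Anything before '@'
    # is userinfo, which .hostname has already discarded.
    if host == LEGIT or host.endswith("." + LEGIT):
        return "twitter"
    target = skeleton(BRAND)
    for label in host.split("."):
        sk = skeleton(label)
        # Brand embedded in another name, or within one typo of it.
        if target in sk or edit_distance(sk, target) <= 1:
            return "lookalike"
    return "other"

if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://twitter.com/oauth/authorize",
        "http://tvvitter.example/oauth/authorize",
        "http://twitter.com.login.example/",
    ]
    for u in samples:
        print(classify(u), u)
```

Run it against the address the short link finally resolves to, since the shortened link itself hides the destination host.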
Now that we’ve blown the cover on this phishing scheme (which has been around for months, apparently), what shall we do about it?
What to Do if You Get a Phishing DM on Twitter
If you’re ever sent a DM that claims that you can find out who’s stalking you or that there’s someone spreading rumors about you, it is recommended that you:
- Do NOT click the link.
- Do NOT provide your Twitter login and/or password.
- Report the DM to Twitter.
- Delete the DM.
Have you received any messages on Twitter urging you to check out the StalkTrak app? So far we’ve received two, but they were from the same user.