StalkTrak App Phishing Scam Steals Twitter Login Information

Are you dying to know who’s checking out your Twitter timeline?

Contrary to what the fake Twitter authorization page may say, the “StalkTrak” app does not show you a list of your Twitter “stalkers.”

No, instead it will steal your Twitter login, send that off to the soon-to-be new owners of your Twitter account and show you a bogus list of those that allegedly lurk on your Twitter profile to distract you in the meantime.

How the StalkTrak App Phishing Scam Works

  1. Your personal invitation to be scammed comes in the form of a DM reading something like this:
    Check this app out [SHORT LINK] it displays anyone that has viewed you on Twitter!
  2. Once you click on the link, you will be taken to a spoofed Twitter app authorization page that hopes your desire to find out who’s checking you out on Twitter is enough to get you to enter your Twitter account login credentials. (Note the funky domain name that almost looks like it’s meant to mimic the Twitter.com domain, but not quite.)
  3. Your login information is sent off to the cybercrooks and you’re redirected to a fake page displaying a list of Twitter users divided into 3 columns named “Mutual”, “Stalking” & “Stalkers.” (Btw, I know this isn’t an actual working app because I entered fake Twitter login credentials on the authorization page and yet I was still taken to the “results” page. I’d imagine it would be difficult to give me a list of my stalkers if you don’t have my real Twitter name, yes?)
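The domain check mentioned in step 2 can be automated for the page a short link finally lands on. The sketch below is an added example, not code from the original post: it separates the real Twitter domain from near-miss hosts, and all function names and sample hosts in it are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

LEGIT_DOMAIN = "twitter.com"  # domain the genuine authorization page is served from
BRAND = "twitter"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_auth_host(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for the host in url."""
    parts = urlsplit(url)
    # .hostname is lowercased and excludes the port and any "user@" prefix.
    host = (parts.hostname or "").rstrip(".")
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    # Also inspect the userinfo part, which can be used to display a trusted
    # name in front of the real host (http://twitter.com@other.example/).
    text = host + "." + (parts.username or "").lower()
    for piece in re.split(r"[.\-]", text):
        # Undo common character swaps before comparing with the brand name.
        normalised = piece.replace("0", "o").replace("1", "l").replace("vv", "w")
        if BRAND in normalised or edit_distance(normalised, BRAND) <= 2:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample URLs; none of them is taken from the scam itself.
    for sample in ("https://api.twitter.com/oauth/authorize",
                   "http://twltter.example/oauth/authorize",
                   "http://twitter.com.stalk-app.example/login",
                   "http://twitter.com@login.example/auth",
                   "https://example.org/"):
        print(f"{classify_auth_host(sample):<11} {sample}")
```

The distance threshold of 2 is a heuristic and will occasionally flag an innocent word that happens to be close to the brand name, so treat "lookalike" as a prompt for a closer look rather than a verdict.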

Now that we’ve blown the cover on this phishing scheme (which has been around for months, apparently), what shall we do about it?

What to Do if You Get a Phishing DM on Twitter

If you’re ever sent a DM that claims that you can find out who’s stalking you or that there’s someone spreading rumors about you, it is recommended that you:

Have you received any messages on Twitter urging you to check out the StalkTrak app? So far we’ve received two, but they were from the same user.

  • SAP

    I clicked the link, but didn’t wait for the page to load completely. So I never typed anything in, but I was signed in on Twitter from the Mac app and online. It wouldn’t have put in my info automatically right? I’m safe?

    • Marquisa Kirkland

      As long as you didn’t enter your login information you should be fine. If you are worried, you can always change your password as a precaution and double-check the apps that have access to your Twitter profile under your account settings. :)

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108
