SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Evangelist artcoder's Avatar
    Join Date
    Aug 2005
    Location
    Planet Earth
    Posts
    599
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    I don't understand this twitter spam

    I got an email that appears to be an twitter invitation that looks like the one posted here.

    It came into one of my email accounts that was not associated with my twitter account. I understand that a person on twitter can invite anyone to join twitter simply by typing in an email address. And the person could have found my email address that was published elsewhere.

    What I don't understand is that the URL of the link that it wants me to click is non-standard (as mentioned in the post). However, the link in does in fact goes to twitter with query string parameter like utm_campaign and utm_medium.

    At first I'm thinking that the person collected email addresses on the web and wanted to test whether they are good email address by sending out this twitter invite. If person clicks on link, then email address is good. However, since the link is going to twitter and off-site somewhere, I don't see how they would know I clicked on the link.

    In the source of the email, I see an img tag with src that is not at twitter.com. So is it using web beacons to detect whether I have received this email? Thereby letting them know I have viewed the email (hence they got a valid email address)?

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,230
    Mentioned
    194 Post(s)
    Tagged
    2 Thread(s)
    If there's a hash associated with it, eg.

    ....4fj7654fbh9kjh87.gif

    or

    ....spacer.gif?x=4fj7654fbh9kjh87

    then you can bet it's for tracking.

  3. #3
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,230
    Mentioned
    194 Post(s)
    Tagged
    2 Thread(s)
    I was thinking that for a smaller "campaign" instead of hashes, a false directory structure could be used. eg. using letters (26 possible)
    ...../a/g/spacer.gif
    you could identify up to 676 variations, and with
    ...../h/r/y/spacer.gif
    17,576
    and with 4 "folders" 456,976 !!

    And that's just using single letters. Using "words" instead would increase the possibilities without adding more "depth".

    Just goes to show, don't trust any links without thinking hard about them.

  4. #4
    SitePoint Zealot jimmy85's Avatar
    Join Date
    Aug 2009
    Posts
    174
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't know, but it looks like a valid twitter domain used there in the link. How can you fake a domain btw? Would it be possible if DNS servers you use could have been compromised then it points to another site for phishing?

  5. #5
    SitePoint Evangelist artcoder's Avatar
    Join Date
    Aug 2005
    Location
    Planet Earth
    Posts
    599
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When looking in the source code of the HTML email, the link is in fact going to twitter. This is just to fake people so that they think this is a real twitter email.

    However, the Twitter image logo in the upper left is going to an domain name that is not associated with twitter. That image is a web beacon that tells spammers that you have read the email (if you have images turned on).


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •