Twitter Deletes 90,000 Accounts Found to Be Thriving Porn Scams
"Boys like you, my figure?"
Since February, and possibly earlier, Twitter users have been stumbling on tweets from women who “want vulgar, young man” or someone to “take my #virgin,” clicking on links in the posts, and finding themselves enmeshed in porn subscription scams.
The accounts aren’t humans; they’re nearly 90,000 bots, coordinated to administer “one of the largest malicious campaigns ever recorded on a social network,” estimates ZeroFOX Threat Research, an organization that has been researching the deception. ZeroFOX reported the scam to Twitter last week, and the social media platform immediately deleted all of the bot accounts — but not before they’d managed to ensnare a ton of users.
ZeroFOX calls the network of bots “SIREN” and says that it was “incredibly successful.”
To be precise, SIREN successfully solicited more than 30 million clicks. The bots churned out 8.5 million unique posts, all of which were generically created using one of 26 opening phrases and eight closing phrases. Here’s an example with a classic opener:
Here are all of the bots’ opening phrases in a chart comparing their frequency of use, created by ZeroFOX:
When users clicked on the links, they were taken through automatic redirects between a series of URLs to “obfuscate the destination of these links to avoid anti-spam services,” explains ZeroFOX. Eventually they’d land on scam subscription-based porn or fake dating sites, many of which solicited users’ personal information to send elsewhere.
It’s unclear how much money the SIREN creators — who seem to be from Eastern Europe — made off the ploy, but the FBI reports that “the average complainant loses over a hundred thousand dollars” in these situations, which the bureau calls “romance scams.”
Each of the 90,000 accounts had a female name and featured an image of a woman as its profile photo.
Many of the accounts sought out targets by “quoting” one of their tweets; this Twitter feature allows users to embed an older post within a new post and add commentary to it.
The SIREN bots are gone from Twitter, but “romance scams” will continue as long as they’re lucrative for malicious actors. Next time you’re tweeted at by someone asking, “want to #fondle me?,” maybe don’t click.