Spammers promise free games to lure Twitter users

MICRO BLOGGING PLATFORM Twitter is being flooded with spam messages that promise users free licenses for upcoming game titles like BioShock Infinite or Batman: Arkham City.

Security researchers from antivirus vendor GFI Software warn that Twitter messages like, "My friend got Bioshock Infinite free [link]", "This is amazing! Get a FREE copy of the new Batman: Arkham City. Get one here [link]" or "I love batman, I play the video game look at this [link]" are all the work of spammers.

The advertised links take users to a rogue website called Survey Scout that is part of an affiliate marketing scheme claiming to pay users in cash and coupons for participating in surveys.

Of course, the fact that BioShock Infinite is not due to be released for another year should be a dead giveaway that these messages are not authentic.

Similarly, Batman: Arkham City won't hit the shelves until next month, so anyone claiming to already have a free copy of the game is most likely lying, unless they are official testers or reviewers.

"End users on the Twitter website should be able to hover over links sent to them, although some spam URLs can look like legitimate domains (especially if the site has been hacked) so this may not help in certain cases. If sent a link from a random account, certain checks should be made," GFI senior security researcher Christopher Boyd told The INQUIRER.

"Is the username a jumble of random letters and numbers? Has the account sent the same message to numerous Twitter users in a short period of time? Are they referencing products that you know won't be released for some time? If the answer to all of the above is yes, then it's almost certain you're being targeted by spammers," he added.

That said, there is a different phishing attack detected by security researchers from Kaspersky Lab that is likely to produce more victims. The campaign generates rogue emails that pose as fake invitations to join the beta program for the eagerly-awaited Diablo III game.

A link included in the spam messages leads users to a spoofed web site that asks them for their Battle.Net credentials. Users might easily fall for this scam because there is actually a real invitation campaign for this game that uses email notifications.

"The original invitation mail doesn't ask you to click a link! It only tells you to log in to your Battle.Net account and visit the 'Account' section to proceed. The only links given in the real mail lead to the forums, FAQ and support sections on blizzard.com," notes Kaspersky Lab expert Christian Funk. µ