StalkTrak the new twitter scam

StalkTrak phishing scam website
Do not trust this app or page

Currently there is a twitter DM (Direct Message) telling you to “Find out who’s stalking your twitter”. It’s a scam to steal your twitter id and password.

If you’ve authorized StalkTrak to use your twitter account, you’re a victim of a scam. Your twitter password and user name have been stolen. Change your twitter password immediately.

Just like I warned in How to Avoid Twitter Phishing Scams, this scam is designed to fool users on mobile devices like smart phones. The site looks at first glance to be twitter, but it is spelled t-v-v-i-t-i-l-e-r, relying on our brain’s ability to read and ignore misspelled words.

That’s a screenshot on the right.

Note that the domain name, DM phrase and application name will change as this attack matures. I’ll update this entry with new domains, application names and phrases as I see them.
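Because the domain keeps changing, a fixed blocklist ages quickly. The sketch below is an added example, not code from the original post: it flags any hostname whose label sits within a small edit distance of "twitter" once look-alike letter pairs such as "vv" are folded. The fold list, the allowlist, the threshold and the `.example` sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

BRAND = "twitter"                       # the label the scam imitates
LEGIT_HOSTS = {"twitter.com", "t.co"}   # assumption: hosts treated as genuine

# Character runs that read as a single letter at a glance (constructed list).
FOLDS = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]

def fold(label):
    """Collapse visually confusable sequences, e.g. 'tvvitiler' -> 'twitiler'."""
    label = label.lower()
    for seq, repl in FOLDS:
        label = label.replace(seq, repl)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(url, max_distance=2):
    """Return 'legit', 'lookalike' or 'unrelated' for the URL's hostname."""
    host = (urlsplit(url).hostname or "").lower()
    if host in LEGIT_HOSTS or host.endswith(".twitter.com"):
        return "legit"
    # Check every label except the TLD, so the real name used as a
    # subdomain of some other site is flagged as well.
    for label in host.split(".")[:-1]:
        if edit_distance(fold(label), BRAND) <= max_distance:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://twitter.com/settings/password",
        "http://tvvitiler.example/login",
        "https://twitter.com.account-check.example/",
        "https://zagz.com/",
    ]
    for url in samples:
        print(f"{classify(url):10} {url}")
```

Without the fold step "tvvitiler" is four edits away from "twitter" and slips past a threshold of two. The threshold is a heuristic, so ordinary words close to the brand will also be flagged and need a human look.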

P.S. I know Stalktrak is an old scam, but it has raised its ugly head again with new domains and phrases.

Professional Twitter Tools get TweetAdder

tweetadder 3.0

TweetAdder Services are no longer available. Twitter has permanently banned their API without explanation or response.

I once used a series of scripts to manage various twitter accounts and campaigns on behalf of clients.

I now use TweetAdder exclusively (affiliate link).

This is professional software that costs money (currently starts at $55) but you can try the demo first. It runs on your local machine (Mac, PC or Linux).

Why would I pay for professional twitter automation software like TweetAdder, especially if I had tools that did it for free? Because it saves me time and money. The TweetAdder developers maintain it whenever Twitter makes a change. That means my down time is the shortest possible. One of my key old scripts stopped working for 4 weeks until I had a chance to debug it. That doesn’t happen with professional software.

Many of the features of TweetAdder don’t get used. I didn’t use some of the advanced search functionality. But when I had a brainwave to target Romanian speakers, for example, then I can quickly put a campaign together. In the past I’d need to customize an existing script.

Anyone who has a professional or serious need for twitter can justify TweetAdder at about $1 a week over 12 months.

My main twitter account @PaulZag has around 4000 followers. I hit the API limits regularly on that account. I’ve managed accounts with 20,000 followers and the API limits become a major pain in trying to scale a campaign. Tweet Adder avoids all that drama.

It’s feature-packed:

  • Automated Follows
  • Automated unfollow (with a whitelist to protect your must follow friends)
  • History of follows and unfollows
  • Automated tweets (as well as RSS and @reply feeds)
  • Twitter list integration
  • Find people to follow
  • Follow a user’s followers
  • Random time delay for all actions
  • Many, many, many more features.

How to Avoid Twitter phishing scams

If you receive a DM on twitter “This made me laugh so hard when i saw this about you lol” it’s a phishing scam to get your twitter login details. Your account will then send that or similar DMs on to your friends. Don’t fall for this email hoax and log in to twitter via the link; it’s a fake site.

Why are so many of my twitter friends caught out by this scam? The scam is most effective against users on mobile devices like smart-phones. It’s hard to read the misspelled URL that looks like twitter’s.

As this attack matures, the exact phrase used will change. The way to be safe on a mobile device is

  1. use the twitter client for your device or a well known 3rd party client (like TweetDeck).
  2. log in on that client only, not the device’s browser.
  3. don’t trust a DM from a contact that does not have context (see below)
  4. if you click on a shortened URL link that takes you to something that looks like twitter, do not log in – use your dedicated client program instead.

What is context? If you ask a friend to send you a picture and they reply with a URL, that is expected behaviour. If you didn’t ask for it and didn’t party at the Playboy Mansion with them last night, they don’t have a LOL photo of you. Assume they’ve been compromised and move on.

“Compromised” is very cloak and dagger but it’s also smart. At a time when the bad guys are selling compromised accounts and PCs by the thousands, your login credentials are a commodity worth a fraction of a cent (e.g. 40EUR per 100,000 email addresses last night). So act like a secret agent and assume the worst; you’ll live longer.

The clever social engineering trick that’s hard to resist: what if something bad is really being said about us?

Other phrases I’ve seen so far (I updated this list 6 January 2013):

  • Did you see this pic of you? lol
  • Early TWITTER INVESTORS got FILTHY RICH! How YOU CAN GET RICH with the NEXT TWITTER Growth Story Now
  • FYI this profile on twitter (URL) is spreading nasty blogs around about you
  • damn this person is making updates with retarded things that involve you
  • HAHA omg you have to see this IM dying from laughing so hard…
  • lol wat r you doing n this video
  • u didn’t see them tapping u
  • hey this user is making up cruel things that are about you
  • hey this person is making up cruel things that are about you
  • hey someone is writing shocking posts that are about you
  • Hi this user is posting really bad things about you
  • See who is Stalking your Twitter! (this is the StalkTrak scam)
  • Find out who’s stalking your twitter
  • Hello some person is posting very bad rumors about you…
  • LOL…i am laughing so hard at this pic of me my friend found
  • Hello this user is making nasty things about you…
  • did you see this crazy tweet about you?
  • Hey some person is making terrible things about you…
  • Hello somebody is making nasty things about you…
  • Hi someone is posting very bad rumors about you…
  • Someone is saying some real horrible things about you, seen this?
  • Seen this really nasty rumor/blog about you?
  • There is a rumor/blog going around about you might want to read it
  • Rumor has it there is some bad things about you
  • I saw a real bad blog about you, you seen this?
  • Found a funny picture of you!
  • I cannot believe what this person is saying about you! it’s pretty nasty stuff
  • You seen what this person is saying about you? terrible things..
  • Hey…you seen this yet? some horrible rumors about you going around online…
  • i cant believe this but there are some real nasty things being said about you here
  • Hey, so some real nasty things are being said about you here i cant believe what was said..

If you want more information on keeping safe online, I also recommend this great ebook Cyber Scams – a visual guide to 25 of the biggest Internet scams.

If you’ve already been scammed do the following

  1. Change your password at https://twitter.com/settings/password
  2. Revoke permission from any unknown applications at https://twitter.com/settings/applications

How to update Facebook status from Google+

I prefer Google+ over Facebook for sharing because

  1. paradoxically I trust Google’s privacy commitment more than Facebook
  2. Google lets me take my connections with me when I leave
  3. per post privacy options

But I realize that Facebook has 600 million users and so much better reach.

Here’s a tip for updating your Facebook status from Google+

  1. go to http://www.facebook.com/mobile/ and copy your personalized upload email address
  2. When sharing on Google Plus add that email address in the +add more people box.
  3. You can create a circle with just email addresses of “update via email” services. Add that circle to any update you want shared on other services. My circle is called Statuses.

The update is limited to the first 45 characters and shows as “via Email”. I’ll update this post when I find a better way to do this.

Twitter Weekly Updates for 2011-08-21

Powered by Twitter Tools

Twitter Weekly Updates for 2011-08-14

  • RT @AmerigoChattin Top 50 Films of the 2000s: http://t.co/qvPbXA6 #topfilms2000s #amerigo <- Too much emphasis on “popular” but good start #
  • Used Tweepi’s Flush 2 unfollow 229 tweeps weren’t followback. http://tweepi.com/?m you don’t have 2 followback but you must b interesting #
  • Good morning tweeps! What’s up? #
  • so @Gift_of_Gabz lost her #blackberry on a bus and I’m told it can’t be traced. Really? Its got GPS & IMEI, why not? #
  • Oo! Oo! An old site I haven’t touched in 3 years gets about $100 pa in adsense revenue got $6 yesterday. It feels like it won a lottery :} #
  • 4 easy copywriting secrets guaranteed to build more links http://t.co/9cHcjtu #


Twitter Weekly Updates for 2011-08-07


Twitter Weekly Updates for 2011-07-24

  • Again repeat after me “My birthday is not a financial secret” http://t.co/RKR85N6 Institutions Cause Identity Theft #
  • @SimonHampel thanks for the RT, I am (irrationally?) steamed by this issue. #
  • I’m one of the first in line for the “One Page Twitter Dashboard” from #TwitSprout http://t.co/SbV14D6 via @TwitSprout I’ll let you know #
  • What a day of busy-ness, but not a lot achieved. Hopefully tomorrow will be better #


Free Google Plus Invite

Update: 5 July 2015 This post received 217 comments before I migrated servers and a corruption lost my posts and comments. That means I sent out more than 200 invitations to the Field Trial! I don’t see much point in manually recreating the comments on this thread. So I’ll just post this…

217 responses to Free Google Plus Invite

Update: 21 September 2011 Google is out of Field Trial and now in Beta, therefore you no longer need an invitation to join. Thanks for stopping by.

I’ve got Google Plus Invites here for free. You do not need to have a gmail address to use Google Plus, but you will need to create a Google account for the email address you use.

To get an invitation, just comment below with the email address you want the invitation for and I’ll invite you. In the comment tell me how you found this page – if via a search, what were the search terms?

I’d appreciate a like, +1 or tweet to the ZagZ.com home page afterwards. Extra karma for googling Zagz.com and clicking the +1 there too.

Update 12 September 2011: Visits to this post have vanished, so I’ll keep sending invitations if you ask, but I’ll not be monitoring this post as closely.

Update 6 August 2011: Google has introduced URL invites but they have 150 invite limit. I’m sending out email invites which currently have no limits.

Update 1 August 2011: Please remember to like this page on Facebook as well.

Update 19 July 2011: I will edit this section if I ever stop sending invitations. If this is still here, I’m still sending them out.

Update 15 July 2011: You don’t have to put your address in the body of the comment. Just use the Email field, it will be hidden from spam lists. Put your name or nick in the Name field too.

What is Google Plus?

Google Plus launched last week and is Google’s third and most complete go at social media. They are making it easy to share with your circle, it’s designed that way from the ground up. Plus people are talking about it being Google’s version of Facebook. But I think it’s better.