Twitter is one of the most popular microblogging and social networking sites online. Nearly everyone who’s anyone – from big companies to celebrities – has a Twitter account from which they can update their followers in 140-character bite-sized chunks. It’s lightweight, it’s popular, it’s widely used, and it’s free – all the qualities of a social media platform that is perfect for cybercriminal abuse.
So, how do cybercriminals abuse Twitter? Analyzing more than 570 million tweets, 33 million of which we found to be malicious, we discovered that cybercriminals abuse the service in ways similar to how they abuse most online messaging and social media platforms: by spamming posts and private messages with links to malware and malicious sites. These links may also lead to phishing websites, most of which focus on stealing Twitter login credentials.
Analyzing this abusive behavior even further, we also managed to find the parts of the world where users most often fall victim to these types of abuse. The results of our analysis, arranged per type of abuse, are as follows:
Spammed Tweets: Users from Russia click and read more Twitter spam than users from any other country in the world (50%), with the US second (27%). That the tweets were usually written in Russian contributed to the numbers. It's also due to the inherent nature of the Russian cybercriminal underground, in which dealing in cracked software and pirated movies are but some of the main activities.
Twitter Phishing: Nearly half of all Twitter phishing victims come from the US (49%), with Japan a distant second (15%).
Malware Links: Users in Saudi Arabia, Egypt and Sudan clicked on tweeted links leading to malware the most, at 16%, 11% and 10% respectively.
Why do cybercriminals abuse Twitter? Simply put, the platform's popularity ensures that they have a large number of potential victims (i.e. users) that they can attempt to victimize with just one click or tap on a link. It’s free, it’s fast, and with Twitter’s retweeting function they can spam their malicious tweets as much as they want.
The fact that Twitter’s built-in character limit encourages shortened URLs is also a bonus, as shortened links can make malicious URLs appear legitimate and safe.