Twitter is seeing a Tuesday rush of spam from an unofficial app claiming itself to be “Twitter Video.” When a user falls for the guise and authorizes the app, it starts auto-tweeting from their account. A fake video titled “Baby Poops in His Onesie, But Dog’s Response Leaves Millions of People in Hysterics” has seemingly resulted in a wave of people falling for the hoax.
The spam has affected Clara Jeffery, editor-in-chief of Mother Jones, and others like Dwight Garner, book critic for the New York Times, although Garner shortly deleted the tweet afterward. That’s understandable as the app, somehow called Twitter Video, looks deceivingly official. And who wouldn’t want to see that video if the description were accurate?
In the fine print, when you authorize Twitter Video, it does say that the application will be able to post tweets for you, although it’s not able to see your password.
You can check what Twitter third-party apps you’ve authorized by heading to Settings and then looking under Apps for anything that seems unfamiliar.
Spam attacks like this one are a good general reminder not to authorize random Twitter apps. But the ones that look like they’re part of Twitter itself could be harder for some to catch.
PSA: don’t auth in to that “baby poops his onesie” video because it’s autotweteing from your account lol
— ಠ_ಠ (@MikeIsaac) December 12, 2017
And sometimes they can be much more malicious, as was the case earlier this year when a sophisticated phishing attack swept through Gmail, masquerading as a Google Docs permission request. So companies need to get a little more stringent in the names they allow for third-party apps that can request user authorization.