QuotesLOL – Laughing all the way to the bank

Yet another Twitter credential stealing website reveals its true colours as a vehicle for criminals to make money from the unwary.


I have had my suspicions about QuotesLOL for a little while now. The service describes itself as:

Subscribe above to receive daily quotes on your twitter. These quotes are funny and people will enjoy them! Is your twitter boring? Well these quotes will make your twitter account active and fun :] Login above, Enjoy!

OK, so it’s a service that wants to provide you with some light relief through Twitter by sharing amusing quotations with you; not so malicious, you might think. Well, for those of you who are not regular Twitter users, the normal way to offer this kind of service would be to create a Twitter profile like this one, and that way, anyone who chooses to follow your profile will receive your amusing quotes. Not so with QuotesLOL.com.


In order to use QuotesLOL.com you are asked to enter your Twitter login information (yes, the same details you use to log into Twitter) on the QuotesLOL website. Once inside, only then are you asked to follow the Twitter account QuotesLOL.



So, what kind of humorous updates do you get if you choose to follow QuotesLOL? Some real side-splitters, let me show you…



At no point on the QuotesLOL.com website does it tell you that your Twitter account will, from that point on, be used to post spam and earn money for the people behind QuotesLOL, but that is exactly what happens. Here is an example from an account I sacrificed on the altar of Research.



Those spam links, including the abbreviated one (which is incidentally longer than the real URL), will lead you to a domain called FollowAdd.net, which is full of nothing but Google Ads for other spurious websites that promise to increase your follower count, and that is how the not-so-humorous QuotesLOL is making money from you.



Google describe how to make money from their ads:

“With AdSense for content, these ads you display on your site can be either cost-per-click (CPC) or cost-per-thousand-impression (CPM) ads. For CPC ads, you’ll generate earnings when your users click on the ads. For CPM ads, you’ll generate earnings every time the ad appears to a user viewing your site.”


Bottom line? Do not *ever* give your username and password for anything to anyone other than the site the credentials are originally for. If you’re thinking of using one of the many third-party services that use the Twitter interface, then make sure the address that shows up in the web browser is one that will keep your password safe. Look for http://twitter.com/oauth at the beginning of the address, and if it’s not there, don’t give up your details. For further details, have a look at the column I wrote for MSN, How to use Twitter Safely.
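
The address check from the paragraph above, as an added example that is not part of the original post: an address that merely contains twitter.com/oauth somewhere is not good enough, so the code parses the address and compares the host exactly. Accepting https as well as http is an assumption, and the function name and sample addresses are made up for illustration.

```javascript
// Added example. Host and path prefix are taken from the article's advice;
// the function name and every sample address are constructed for illustration.
const EXPECTED_HOST = "twitter.com";
const EXPECTED_PATH = "/oauth";

function checkTwitterOAuthAddress(address) {
  let url;
  try {
    url = new URL(address); // throws on anything that is not an absolute URL
  } catch (err) {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "scheme is " + url.protocol };
  }
  // In "http://twitter.com@other.example/" the real host is other.example;
  // "twitter.com" is only the userinfo part in front of the "@".
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before the host" };
  }
  // Compare the whole host. A prefix or substring test would also accept
  // "twitter.com.other.example", which belongs to other.example.
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: "host is " + url.hostname };
  }
  if (url.port !== "") {
    return { ok: false, reason: "unexpected port " + url.port };
  }
  if (url.pathname !== EXPECTED_PATH && !url.pathname.startsWith(EXPECTED_PATH + "/")) {
    return { ok: false, reason: "path is " + url.pathname };
  }
  return { ok: true, reason: "twitter.com OAuth page" };
}

// Constructed sample addresses (the .example hosts are placeholders).
const SAMPLES = [
  "http://twitter.com/oauth/authorize?oauth_token=SAMPLE",
  "http://twitter.com.quotes.example/oauth/authorize",
  "http://twitter.com@quotes.example/oauth/authorize",
  "http://quotes.example/twitter.com/oauth",
  "http://twitter.com/login",
];
for (const address of SAMPLES) {
  const result = checkTwitterOAuthAddress(address);
  console.log((result.ok ? "OK    " : "REJECT") + " " + address + " (" + result.reason + ")");
}
```

Only the first sample passes; the others are rejected because the host, the userinfo part or the path does not match.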

  2. Pemo Theodore

    Wow Rik thx so much for ur investigative feedback unfortunately 2 late 4 me now my twitter account hacked & am now having problems with accessing with new password. Ahh the damage that can be done 2 one’s day by this insidious waste of time. Appreciate your education. Thanks again Pemo Theodore http://www.astramatch.com/blog


