Yet another Twitter credential stealing website reveals its true colours as a vehicle for criminals to make money from the unwary.
I have had my suspicions about QuotesLOL for a little while now, the service describes itself as
“Subscribe above to receive daily quotes on your twitter. These quotes are funny and people will enjoy them! Is your twitter boring? Well these quotes will make your twitter account active and fun :] Login above, Enjoy!”
OK, so it’s a service that wants to provide you with some light relief through Twitter by sharing amusing quotations with you, not so malicious you might think. Well, for those of you who are not regular Twitter users, the normal way to offer this kind of service would be to create a Twitter profile like this one, and that way, anyone who chooses to follow your profile will receive your amusing quotes. Not so with QuotesLOL.com.
In order to use QuotesLOL.com you are asked to enter your Twitter login information (yes, the same details you use to log into Twitter) on the QuotesLOL website, once inside, only then are you asked to follow the Twitter account QuotesLOL.
So, what kind of humorous updates do you get if you choose to follow QuotesLOL? Some real side-splitters let me show you…
At no point on the QuotesLOL.com website does it tell you that your Twitter account will, from that point on, be used to post spam and earn money for the people behind QuotesLOL, but that is exactly what happens, here is an example from an account I sacrificed on the altar of Research.
Those Spam links , including the abbreviated one (which is incidentally longer than the real URL), will lead to you a domain called FollowAdd.net which is full of nothing but Google Ads for other spurious websites that promise to increase your follower count, and that is how the not-so-humorous QuotesLOL is making money from you.
Google describe how to make money from their ads
“With AdSense for content, these ads you display on your site can be either cost-per-click (CPC) or cost-per-thousand-impression (CPM) ads. For CPC ads, you’ll generate earnings when your users click on the ads. For CPM ads, you’ll generate earnings every time the ad appears to a user viewing your site.”
Bottom line? Do not *ever*give your username and password for anything to anyone other than the site the credentials are originally for. If you’re thinking of using one of the many third-party services that use the Twitter interface then make sure the address that shows up in the web browser is one that will keep your password safe. Look for http://twitter.com/oauth at the beginning of the address, and if it’s not there, don’t give up your details. For further details, have a look at the column I wrote for MSN How to use Twitter Safely.