We recently found Twitter spam touting “gift cards” at the tail-end of the gift-giving season. In this run, Twitter users are lured into clicking a shortened URL with the strings “#mcdonalds gift card.” McDonald’s is a globally well-known fast food chain that, like many other establishments, do offer certificates and vouchers for patrons who would like to give these as gifts or rewards.
Unfortunately, closer inspection of the shortened link reveals a URL that doesn’t seem to have anything to do with McDonald’s gift certificates.
Instead, the link leads to the following site:
Clicking the “Join Now” button leads to some redirections that finally lands the page to an adult dating site.
We consider the URLs used in this attack as malicious because of the deceitful nature by which they are used. The lure “#mcdonald’s gift card” would have definitely led several users to believe that some gift certificates or vouchers are being given away or discounted.