CYBERSPACE – Porn spammers have created hundreds, maybe thousands, of bogus profiles and are following other users at random on Twitter in an apparent attempt to scam users out of membership fees at best; credit card and personal info that can be sold at worst, according to cyber-security firm Sophos.On the company’s blog, Sophos’ Graham Cluley noted the bogus profiles are easy to recognize: Each displays an image of an attractive young woman (more of her in some cases than in others), each is following a slew of other users but boasts very few followers of its own, and each tweet made by the profile directs users to a covert URL or chat room. Most of the images bear embedded messages, because the tactic makes spam more difficult for Twitter to identify than plain text issued as a tweet.

“Of course, it’s not a good idea to connect with these spammers by adding them as a friend on [social-networking sites],” Cluley warned in his post. “If you were to do so, you could easily be lured into a flirtatious instant messaging chat, which ultimately leads you to an adult website.”

Sophos first noted the trick in June, warning users to beware of seemingly charming “women” in MSN chat rooms. The apparent chat partners were software programs designed to lure surfers to sites promoting porn websites in the ClickCash.com affiliate network. Sophos was particularly concerned about the scam, because in order to take advantage of “the last free pass to a live webcam session,” the user had to enter personal details and credit card information in order to prove majority. Sophos warned users they might be in for a nasty surprise if they followed through with registration.

Also of concern for Sophos at the time was the ease with which similar tactics could be propagated in the future.

“[T]his technique could be used more in the future as spammers attempt to avoid spam filters and trick unsuspecting users into revealing sensitive and financial information,” a press release distributed June 22 noted.

Following a hunch, Cluley traipsed off after one of the Twitter sex bots and ended up in a chat on MSN. The bot quickly moved from flirtation to an attempt to obtain Cluley’s personal and credit card data.