Oscars scams ran wild thanks to Twitter bots

No, @JordanPeele__ isn't the same as @JordanPeele. Bots targeted celebrities who tweeted about the awards, posting a scam link that got clicked more than 277,000 times.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
3 min read

These spammed tweets followed director Jordan Peele's post on Twitter during the Academy Awards.

Kevin Winter/Getty Images, screenshot by Alfred Ng/CNET

And the Oscar for social media attacker goes to…

A spam campaign ran rampant Sunday night and Monday morning on Twitter, targeting celebrities who tweeted about the Academy Awards. These bot accounts pretended to be a given celebrity, with account names like @JordanPeele__ and @GaIGadot____. They gained attention by replying to the star's tweets and included a URL leading to a scam.

Social media ploys like this take advantage of Twitter's struggle to squash bot accounts, which people also have used to spread disinformation. Bots make up a small but significant portion of the social network. Twitter said bots make up only 5 percent of its users, while other studies suggested three times as much.

A Twitter spokesman said the company is aware of "this form of manipulation" and is "proactively implementing a number of signals to prevent these types of accounts from engaging with others in a deceptive manner." 

The scam link in the Oscar bot campaign received more than 68,000 clicks on Monday before the company deleted associated accounts, according to a Bit.ly analysis. It's received more than 277,000 clicks since it was first posted on Feb. 26. The bulk of those clicks -- 120,814 -- came on on Sunday night, when the Academy Awards broadcast took place.

After Jordan Peele won an Oscar for Best Original Screenplay, for the movie "Get Out," which he also directed, he sent out this celebratory tweet:

The first response to it wasn't from one of his biggest fans. Neither were the second, third, fourth, fifth or sixth responses. They were from an account pretending to be the "Get Out" director, with the handle "@JordanPeele__," writing, "Love you guys, heres a gift from me," with a link to a gift card scam.   

The phrasing and the URL were used by an army of spam bots also posing as Khloe Kardashian and Ellen DeGeneres. These accounts have also since been suspended. The bots, many of which had Russian names, boosted reply posts to the top of the feed by piling on likes and retweets.

"While celebrities themselves are often targeted by those trying to take over their social accounts, attackers also indirectly target celebrities to directly access their millions of followers instead," said Phil Tully, a principal data scientist at social media security company ZeroFox.

Twitter's algorithm ranks reply tweets by engagement, and bots have gamed the system to get more eyes on their scams.

The URL in the Oscar campaign plays a shell game by disguising itself as a Tumblr page called fixyourselff.tumblr.com and then redirecting to the scam page, which offers a free gift card in exchange for your personal information. 

These scams on social media have been running for a while, with the attackers shifting their focus every time there's a major event, Tully said. The bots are easy to reconfigure and customize, and the bot armies are simple to build at scale, he said. 

"The Oscars are an especially magnified moment for celebrities, with prime-time audiences shifting their attention to their hot takes and instant reactions to real-time events on social media," Tully said. "Scammers are garnering so much engagement by implanting this kind of spam into the public replies of their topical Oscars tweets."

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

Blockchain Decoded:  CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will