Judging by the latest Twitter scam promising to tell you how many hours you've spent logged in to the social networking site, the old aphorism rings true: there is a sucker born every minute.
Similar to the " Time on Tweeter " scam that hit the site recently, this week's variation on the theme comes in the form of an app called TimeChecker2.6. Included as a link in a posted message, the third-party app can take control of your account and propagate itself by sending out tweets to all your contacts with an enticing offer such as, "I have spent: 23.8 hours on Twitter! See how much you have."
Graham Cluley from the security firm Sophos tested the malicious TimeChecker app, which uses trending topics to increase its visibility, and found that it tweeted the spam message more than a dozen times in less than 30 seconds.
TimeChecker even asks users to type in their email addresses, a mistake that could give the scammers the credentials they need to further compromise your online identity.
Users can disable TimeChecker and other rogue third-party apps by revoking the app's rights under Twitter's Settings/Connections tab.
Security experts urge Twitter and Facebook users to never accept unsolicited offers and to be cautious about clicking on links, even ones sent by friends. And for the record, there is no app that can tell you how long you've spent on Twitter or Facebook. So next time you see this scam — and there will be a next time — ignore it.