atcrawford - the blog

Esurance and follower farming


drew crawford

I'm a software engineer in beautiful Birmingham, AL; just trying to make things happen and learn a little along the way. Roll Tide.



Posted by drew crawford on .

If you waited to see the Esurance ad at the end of the Super Bowl, or if you have taken a peek at Twitter in the hours since then, you've undoubtedly seen the barrage of #EsuranceSave30 tweets. This has been a home run marketing campaign for Esurance, but it's being abused by those living on the underbelly of Twitter.

What started it all

Esurance supposedly saved $1.5 million Sunday night by buying the first ad spot after the Super Bowl, rather than paying for one during the game itself. They then created a contest based on the premise of giving away this "savings" as cash to one lucky person who tweets "#EsuranceSave30". Couple the amount of the prize money with the fact that the winner will be announced on Jimmy Kimmel Live, and you have a contest that just about everyone will feel comfortable participating in.

Where it went wrong

If you've been around the web, particularly Twitter, then you've seen the scourge of accounts like @historyinpics, @abandonedpics, @OMGFacts, etc. There have been a number of articles about these types of accounts lately, and they don't paint them in a favorable light. One goal that all of these accounts have in common is gaining followers, and they've been very successful at it. If there's one thing we've learned from the social web, it's that there's value in having access to lots of users. Twitter accounts with nearly a million followers are valuable, no matter how those followers were acquired. Fortunately for most of Twitter, these accounts haven't taken to true spam, or at least not yet. That can't be said about the accounts mentioned later in this post.

Hyper-viral campaigns like #EsuranceSave30 leave seedy accounts like these licking their chops. The more money that is on the line, the more likely people become to make regrettable decisions. One of these regrettable decisions is following an account that is lying to them, in a thinly veiled attempt to gain followers. Here's a prime example:

Note: the formatting of that tweet is broken because it has most likely been deleted, as so many of these tweets are

Observed follower farming

It's not the mere presence of these scams that has prompted this post. Today I was actually able to observe some of this behavior and wanted to share my findings. This was all prompted by the following tweet:

It occurred to me that creating a Twitter list would probably track those accounts without actually following the seedy account. Fortunately for me, @PatrickClaybon actually took the initiative to create just such a list. Lo and behold, it took less than 4 hours to catch the first "transformer".

When the list was originally created there was an account named @esurancemillion. This account was tweeting many of the same lies as the other accounts ("retweet for 10 more entries", "follow to enter", etc). This account was the most active on the list as I monitored it, so it was very surprising to me when I began seeing @HeIpfulTips on the feed instead of @esurancemillion. When I visited @esurancemillion's profile page, I found that it no longer was an account with 200k+ followers, but instead only had ~5k. What's more interesting is that the @HeIpfulTips account had a number of references to esurance that were vanishing as I refreshed the page. I just happened to catch the transformer in the act!

At that point it had become clear that the account name was switched from @esurancemillion to @HeIpfulTips. What's more interesting though is that the Twitter account @HelpfulTips was already parked by someone. As a result the transformer had to use @HeIpfulTips instead of @HelpfulTips. Notice that the capital I and lowercase l look identical in the default font. This account seems to be fond of retweeting a "Mind blowing" account with the handle of @UnbeIieveabIe. As you can imagine, there are tons of opportunities for legitimate usernames that are already claimed to be mimicked by switching out l's and i's.
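The rename above can be caught mechanically, because a handle can change while the numeric account ID behind it stays the same. The following is an added example, not code from the original post: it diffs two snapshots of a list's members by account ID and flags new handles that imitate a known handle. The account IDs, snapshot layout and known-handle list are constructed, and the extra `1`/`l` and `0`/`o` folds go beyond the I/l swap described here.

```python
# Added example: all account IDs and snapshots below are constructed.

# Characters that render alike in common sans-serif UI fonts, folded to one
# representative. Applied to the handle as displayed, before lowercasing,
# because capital 'I' and lowercase 'l' only collide in their displayed case.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def skeleton(handle):
    """Fold visually confusable characters, then lowercase."""
    return handle.lstrip("@").translate(CONFUSABLE).lower()

def lookalike_of(handle, known_handles):
    """Return the known handle that `handle` visually imitates, or None."""
    bare = handle.lstrip("@")
    for known in known_handles:
        k = known.lstrip("@")
        # Handles are case-insensitive, so equal lowercase means the same name.
        if bare.lower() != k.lower() and skeleton(bare) == skeleton(k):
            return known
    return None

def diff_snapshots(before, after, known_handles):
    """Compare two {account_id: handle} snapshots and report renames."""
    owners_after = {h.lower(): uid for uid, h in after.items()}
    findings = []
    for uid, old in before.items():
        new = after.get(uid)
        if new is None or new.lower() == old.lower():
            continue  # account gone from the list, or handle unchanged
        findings.append({
            "id": uid, "old": old, "new": new,
            "imitates": lookalike_of(new, known_handles),
            # Set when a different account has since taken over the old handle.
            "old_handle_reclaimed_by": owners_after.get(old.lower()),
        })
    return findings

# Constructed snapshots of one list, taken a few hours apart.
BEFORE = {1001: "esurancemillion", 1002: "EsuranceWin"}
AFTER = {1001: "HeIpfulTips", 1002: "EsuranceWin", 1003: "esurancemillion"}
KNOWN = ["HelpfulTips", "SatyaNadella"]
FINDINGS = diff_snapshots(BEFORE, AFTER, KNOWN)
```

Keying the snapshots on account ID rather than handle is what makes the switch visible; a handle-keyed snapshot would show the old handle still present, now held by a different account.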

Both the @HeIpfulTips and the @UnbeIieveabIe accounts are being used to tweet spam to a weight-loss scam or other spammy sites (twitplc.info and twittur.co to name a couple). Unwitting Twitter users are tricked into following an account and are then fed disguised spam from a seemingly unrelated account. This also opens the door for some pretty nasty phishing attacks, as those spammy URLs could easily fake the Twitter login page and capture your credentials.

Proposed solution

One option is for Twitter to show the usernames that an account has taken on during the life of the account. This would allow the user to see that an account might have an unsavory past before following, rather than just assuming the 100k+ followers suggest legitimacy.

Twitter could also keep an eye on accounts that have >100k followers and take some measures to protect the users that are getting tricked into following these accounts. For example, it could monitor the links that are being shared and add a warning to the profile if the links are spammy, acting as an inverse to the blue verified badge for good users. Unfortunately, protecting users is not as lucrative a business move as buying patents.

At the end of the day, the responsibility is on you as a Twitter user to protect yourself from scams like these. Challenge accounts that claim to give you something just for retweets and/or follows. Check to see if a real TV ad initiated it, look for verified accounts, or find the contest terms and conditions. Finally, check your following list every now and then to clean up any accounts that you don't really want to follow.


Update: It seems Twitter has been actively working to suspend a number of the bad accounts. @esurancemillion and @EsuranceWin are a couple mentioned in this post that have been suspended. Unfortunately @HeIpfulTips (list) and @UnbeIieveabIe (list) live on...

Another update: As evidence that this is a regular occurrence, here are a couple of accounts trying to capitalize on the news of a new CEO at Microsoft: @SatyaNadeIIa (1500+ 2100+ followers, now suspended). @NadellaSatya (200 followers, but very active, almost aggressive even, now suspended). Obviously these aren't very big players, thankfully, and most have found the appropriate account of @SatyaNadella (15.7k followers and growing).

Scott Hanselman just mentioned one of the bad accounts and pointed out something that I failed to mention in this post. Please report these accounts as spam when you see them! You won't get immediate closure from doing that, but it will definitely help Twitter keep the interwebs clean.


http://atcrawford.com
