A security researcher said he felt vulnerable after a fake message on Twitter said he was a “zoom exploit” victim.
The “zampole” message, which was retweeted by @HannibalZampolis, said: “I feel entitled to exploit your vulnerability in order to prove your vulnerabilities to the world.”
The message was later deleted and the company then sent him a message.
Mr Zampolis said he did not know why the message had been retweeted, and that he had replied to it on Twitter.
“I replied to it but I didn’t receive a reply from the person who tweeted the message,” he said.
Mr Jaitley said there had been “several instances” of Twitter users abusing the platform to tweet attacks against people they did not personally know.
“What is so alarming about this is that, when a social media platform such as Twitter or Facebook is being attacked, you have a very easy and cheap way of exploiting a vulnerability,” he told the BBC.
“It is quite common for a hacker to use a malicious tweet to get a follower to respond with a malicious reply.”
He said the vulnerability appeared to have been created with a script that was programmed to trigger a fake alert followed by a spam bot.
“When a Twitter user opens a tweet with the ‘zampolis’ tweet, the script will look like this: ‘Hi, this is a zampolis tweet’,” Mr Jaitley said.
“That is very typical and it is easy to use to send a spam email.”
And when the spam bot sends a reply with a link, that link can lead to a malicious website, which passes the message to a bot that sends it to someone on the list.
Mr Jaitley told the ABC that he was concerned the attack could be repeated with similar messages.
“If you are sending a spam message to a person that you don’t really know and you are trying to get them to respond to it, you could end up doing it,” he added.
“The next thing you know, they will reply saying, ‘Thanks, I will try that next time’.
“You could then repeat it a hundred times until someone is not responding to it anymore.”
Twitter had not responded to a request for comment at the time of publication.
The ABC has contacted Twitter for a response to the tweet.