A new Phishing scheme arrived on Twitter earlier this week, originating from direct messages on the micro-blogging service. Accounts that were compromised sent a message asking, “rofl this you on here?” and pointed users to videos.twitter.secure-logins01.com.
Twitter goes phishing thanks to malicious direct messages. (IMG:J.Anderson)
The good news is that the URL used in the Phishing attack, which resolved to a server in China, is offline. Google’s Safe Browsing initiative, used in Firefox and other browsers, was also blocking the site later in the day on Wednesday. The actual Phishing page was simple in design, mirroring the Twitter login screen. Once the username and password were entered, the fake page switched to an image of the infamous Fail Whale.
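The hostname in the direct message carries "twitter" only as a subdomain label; the registrable domain is secure-logins01.com. The following check is an added example, not part of the original article: it flags links whose hostname names a brand but whose registrable domain is not one of that brand's own. The `BRAND_DOMAINS` allowlist, the small suffix set, and every sample link other than the hostname from the article are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains the defender accepts as genuine per brand.
BRAND_DOMAINS = {"twitter": {"twitter.com"}}

# Assumption: constructed stand-in for the Public Suffix List; a real
# deployment should load the full list instead of these few entries.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.cn", "com.au"}


def registrable_domain(host):
    """Return the registrable domain (one label plus public suffix) of host."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_impersonation(url):
    """Return the brand a link's hostname imitates, or None if it looks clean."""
    if "://" not in url:
        url = "http://" + url  # links in messages often omit the scheme
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return None
    reg = registrable_domain(host)
    for brand, legit in BRAND_DOMAINS.items():
        if reg in legit:
            continue  # genuinely under the brand's own domain
        # Brand text in any hostname label, but the domain belongs to someone else.
        if any(brand in label for label in host.split(".")):
            return brand
    return None


def flag_links(urls):
    """Return the subset of urls that look like brand impersonation."""
    return [u for u in urls if brand_impersonation(u)]


# Constructed sample of links seen in direct messages; only the first
# hostname comes from the article.
SAMPLE_LINKS = [
    "videos.twitter.secure-logins01.com",
    "https://twitter.com/login",
    "https://mobile.twitter.com/",
    "http://twitter.example.co.uk/session",
    "https://example.org/twitter",
]
```
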
It is unknown how many people were tricked by the Phishing campaign, as many Twitter users quickly spotted the fake site and moved to warn others. In addition, those who follow Spam Watch (Twitter’s Spam notification account) saw an alert yesterday afternoon that said, “A bit o'phishing going on -- if you get a weird direct message, don't click on it and certainly don't give your login creds!”
In a blog post, Sophos’ Graham Cluley offered some advice: “If you were unfortunate enough to come a cropper, and entered your details into the fake Twitter page you must consider yourself hacked, and should change your Twitter password immediately before it is abused further by cybercriminals.”
“Furthermore, if you fell victim to this attack you should make sure that you change your login details on any other site where you were using the same password as that could also potentially become compromised.”
This isn’t the first time that Twitter has had Phishing-related issues. Towards the start of the year, users on Twitter reported direct messages that were linking to a similar website where their usernames and passwords were Phished. As was the case in the current Phishing campaign, the previous Phishing attempt included direct messages asking, “Hey, i found a website with your pic on it…” or “hey! check out this funny blog about you.”
Moreover, similar Phishing attacks have been attempted on Facebook and MySpace. According to Cyveillance, a cyber-intelligence-driven vendor, there were nearly 180,000 distinct Phishing attacks this summer, one of the highest rates the company has seen so far. The company noted that the criminals behind the attacks are adding social network sites, voice and SMS texting channels to their traditional e-mail spam arsenal.