Twitter users warned about new phishing attack
This is Twitter's spam warning.
(Credit: Twitter)Twitter warned on Wednesday about a new phishing attack in which direct messages to users link to a fake log-in page that steals passwords.
"We've seen a few phishing attempts today; if you've received a strange (direct message), and it takes you to a Twitter log-in page, don't do it!" the Twitter spam warning says.
The direct messages say: "hi. this you on here? http://blogger.djh****.com," Sophos reports in a blog post. The full URL is obscured to prevent people from unwittingly visiting the phishing site.
Clicking on the link takes a user to a page that looks like a legitimate Twitter log-in page. When the user types in the username and password, a fake version of Twitter's "over capacity" message is displayed, with the image of the notorious "fail whale" held aloft by birds.
"When I visited the page, I was then slingshot to another Web page on Blogspot.com, claiming to belong to a blogger called NetMeg99," Sophos researcher Graham Cluley wrote. "It's not clear if NetMeg99 is involved in the phishing scam, but there is a suggestion that her Web page did also try to phish for credentials at one point."
If you have been duped by this phishing ruse, Sophos suggests that you immediately change your password at Twitter and any other sites where you used the same log-in credentials.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
Dumb people speak in 140 characters or less, they are bound to fall fate. The bad guys have got their yacht in the sun secured while we sit in our poxy 9/to/5 jobs.
98 characters. You qualiy for Twitter!
"Dumb people speak in 140 characters or less, they are bound to fall fate."
67 characters. Again, you qualify to post on Twit- oh, I see now. Um... oops. :)
> Anyone that falls for a phishing scam should have to take an intelligence test to get back on the internet.
It's this attitude that actually helps the bad guys along. Everyone thinks "it only happens to someone else" which keeps the trust factor high enough that the scams work again and again. It's very much like it was in the early days where you never questioned an email with an attachment that came from a friend, yet that's exactly how Happy99 and Melissa made it so big. Even FBI Director Robert Mueller almost fell for a phish. So it's not just "dumb people" falling for scams. The phish attacks are getting more and more sophisticated and not as easy to "spot the fake" as it were.
- by TobyGalino November 3, 2009 7:35 AM PST
- Yeah well.. how about "Knock Knock"... it would be an interesting study to see the amount that fall for that. Oh My, I have to agree with all of you and yet, I too understand how sometimes you fall victim by "pulling the trigger" prior to clarity and immediately have that nauseous feeling in your gut.
- Like this Reply to this comment
-
(10 Comments)At VeriSign we note this as more reason to encrypt sites (not just financial and ecommerce) And internet users and development folks have their piece of this action to respond to, but if, for example, if SocNet's like Twitter, Facebook, were encrypted with Extended Validation SSL, it would cut down on phishing attempts that could compromise log-in credentials across multiple websites.