January 3, 2009 4:04 PM PST

Twitter phishing scam may be spreading

by Rafe Needleman

There's a scam spreading through Twitter. Direct messages (DMs) are showing up in Twitter accounts with appealing come-ons to visit a site on blogspot.com. The text is, "hey! check out this funny blog about you..." The URL in the message then redirects to a page that looks like the Twitter login page but is not on Twitter at all. It is hosted at twitter.access-logins.com, a site that masquerades as Twitter in order to steal your login credentials.

If you need to log in to Twitter, do it on Twitter.com itself. And to play it safe, double-check your browser address bar to make sure that's where you are.
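
The address-bar check described above, written out as an added example (not part of the original article). It uses the lookalike hosts named on this page; the function name, the verdict labels, the paths and the `mobile.` and blogspot sample hosts are constructed for illustration.

```javascript
// Added example: decide whether a link's host really belongs to the site
// you intend to log in to. EXPECTED_DOMAIN and the verdict names are
// assumptions made for this illustration.
const EXPECTED_DOMAIN = "twitter.com";

function classifyLoginUrl(rawUrl, expected = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { verdict: "invalid", host: null };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { verdict: "invalid", host: null };
  }
  // The URL parser lowercases the host; drop a trailing root dot as well.
  const host = url.hostname.replace(/\.$/, "");

  // Ownership is decided by the right-hand end of the name: the host must be
  // the expected domain itself or end with ".<expected domain>".
  if (host === expected || host.endsWith("." + expected)) {
    return { verdict: "expected-site", host };
  }

  // The brand appearing anywhere else (a left-hand label, or a near-miss
  // spelling) proves nothing about who runs the site.
  const brand = expected.split(".")[0];
  if (host.includes(brand)) {
    return { verdict: "lookalike", host };
  }
  return { verdict: "other-site", host };
}

// Sample links: lookalike hosts come from the article and its comments;
// the remaining hosts and all paths are constructed.
const samples = [
  "https://twitter.com/login",
  "https://Mobile.Twitter.com./session",
  "http://twitter.access-logins.com/login",
  "http://www.twitteri.com/",
  "http://example.blogspot.com/funny-blog",
];

function classifyAll(urls = samples) {
  return urls.map((u) => ({ url: u, ...classifyLoginUrl(u) }));
}

for (const r of classifyAll()) console.log(r.verdict.padEnd(14), r.url);
```

Only the first two samples are classified as the expected site; a host that merely starts with or contains "twitter" is reported as a lookalike.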

The phishing site in question also appears to support the theft of Facebook IDs.

I have not received this bogus Twitter message, but the Twittersphere is abuzz over this scam.

This is not Twitter.

Read more on the Twitter Status blog, Chris Pirillo's blog, VentureBeat, or Mashable. Related: Koobface virus hits Facebook

Update: If you are logged in to the real Twitter.com, you'll now see an update about this scam on the page. No warning appears if you use another Twitter client, like Twhirl.

Update 2: The effect of getting taken in by this scam seems to be that affected accounts send messages to their followers with the original phishing message. To date, no other effect of falling victim to the scam has been reported. However, since many people use the same user ID and password for multiple online services, it's possible that credentials collected from this scam could be used to log in to other services, including financial sites.

As Twitter recommends on its blog: "If this has you feeling a bit weirded out, feel free to change your Twitter password."

Rafe Needleman writes about start-ups, new technologies, and Web 2.0 products, as editor of CNET's Webware.
by nopinktoday January 3, 2009 5:30 PM PST
I tried to go to that site, but Firefox blocked it for me. I'm guessing the Firefox users are safe for now.
by nopinktoday January 3, 2009 5:31 PM PST
Whoops nevermind =P...
by nelsondr January 3, 2009 5:43 PM PST
I'm glad I always check the URL when linking to something I'm not expecting. Especially if it's one that's been shortened by something like tinyurl.
by afhill January 3, 2009 6:35 PM PST
I think that's the most interesting part -- the URL wasn't shortened, it was a (fake) link to a blogspot page. I can't decide if that was smart or not.
by Mentor397 January 3, 2009 9:10 PM PST
I just tried it and it took me to a fake facebook login page. This url apparently goes to the last applicable login page you entered and tries to steal whatever it can. It's not picky.
by JwL3394 January 3, 2009 10:59 PM PST
I went to the site on Firefox, and it didn't block it, so I just reported it to Google and now it blocks. Chrome had blocked it, also.
by sethgoldstein January 4, 2009 8:26 AM PST
That's really scary. I haven't seen it yet but I'm glad people are letting others know about it!
by DogberryPatch January 4, 2009 1:26 PM PST
You'd have to be a twit :) to click a link to Blogspot, and then not notice you've been sent to Twitter.
by Stronist January 4, 2009 2:20 PM PST
thanks you web coder http://www.ozsohbet.net
by Mergatroid Mania January 4, 2009 3:16 PM PST
The word that comes to mind is....suckers...

But I have to ask, why is there no internet policing going on that can shut down a site like this "one way or another"?

As soon as it was discovered, it should have been shut down. If it's in a country that won't cooperate, then take the whole country off the net, or attack the website, or anything that results in the site being gone.

I can't believe governments still let things like this go on to this day.
by drpr January 4, 2009 3:53 PM PST
The phishing scam does not only use the phrase stated in the article. There are new versions coming up, such as one stating that the wrong address was given before, so try this new one.

The main thing to be wary of is clicking a link and finding that you are required to log into ANY website to access the information purported to be there.
by inspirewithhope January 5, 2009 1:19 AM PST
I can corroborate drpr's statement above: After the original phrase, I've also received a version "Hey! I just got a FREE iphone from this website.. here" and then a URL.

Kx
by Owyn January 4, 2009 4:02 PM PST
Double blocked here. Firefox blocks it and so does OpenDns.
by mvtechies January 4, 2009 9:14 PM PST
I have found a new phisher. Named www.twitteri.com, which isn't blocked!
by Identity-Theft-Protection January 5, 2009 8:11 AM PST
This is a brilliant scam and will dupe even sophisticated users. The Facebook worm is very similar in nature. Watch out people!! www.IDTheftSecurity.com
by Maarek Stele January 5, 2009 11:04 AM PST
Stupid is as stupid does. Turn your phishing filter on and ONLY go to http://www.Twitter.com
by Harrison912 January 5, 2009 11:46 AM PST
Thanks, Rafe, for this report. I typically use Twitter as well as other social sites to socially market my safety and security web site. The last thing I need is a security issue from a phishing attempt!
by daknoodle January 5, 2009 12:21 PM PST
WHOIS lookup on the domain shows that it was registered using a Chinese registrar, so much for getting it shut down. The Great Firewall of China can protect its citizens from the world but can't protect the world from its citizens.
by sandyviv July 21, 2009 9:32 AM PDT
I tried to access this site but my Firefox browser blocked it. Firefox users are safe for now.
Check out this link http://www.atflashback.com/sandyv1.fb