Twitter warns of new phishing attack

Fake message reads 'hi. this you on here'

Twitter warned users Tuesday of a new phishing scam on the social networking site.

It's the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords.

"We've seen a few phishing attempts today, if you've received a strange DM and it takes you to a Twitter login page, don't do it!," Twitter wrote on its Spam message page.

The message reads, "hi. this you on here?" and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims enter an empty blogspot page belonging to someone named NetMeg99.

Neither of these pages appears to include any type of attack code, but both should be considered untrustworthy, according to Sophos Technology Consultant Graham Cluley. "It seems like this was a straightforward phishing campaign, rather than an attempt -- at this stage at least -- to spread virally," he said via email.

Victims get these direct messages only from people they follow on Twitter, so they seem more believable than other types of spam. Once a user has been phished by the attack, the criminals are then able to direct message all of the victim's contacts with the phishing spam.

"These sort of things have been happening for over a year on Twitter," Cluley said in an interview.

Hacked Twitter accounts are a great launching pad for more attacks, Cluley said. "We don't know precisely what they're going to do in this case, but often they will send spam messages to advertise a particular site."

Because about a third of users have the same passwords for all of their online activity, criminals can also use the same log-in information to try to get into other Web services such as Gmail or Yahoo, Cluley said.

"If you've fallen for one of these traps, don't just change your Twitter password; change your password on every Web site you use," Cluley siad. "Use non-dictionary words and use something that's hard to guess."

The Twitter attack comes as Facebook users are also under siege. Security researchers say that a spam botnet is has sent out hundreds of thousands of fake password reset messages. When victims try to open an attachment that supposedly contains their new password, they end up running a Trojan horse program, called Bredolab, that then installs unwanted software on their PCs.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags twitterphishing

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?