A large number of Twitter accounts have been compromised in the past couple of weeks and used to spread links that point to a fake CNBC website which advertises a shady work-at-home job.
According to Naked Security, it’s uncertain how all the accounts have been hijacked, but there may be a connection to the recent LinkedIn incident, because the spam campaign began on the exact same day on which the password leak came to light.
The tweets posted from the compromised accounts look something like this:
Hey, Why work for somebody else? [LINK]
best decision I ever made was checking this out. just click on this link [LINK]
Hey pal, a woman tells CNBC about making money from home! [LINK]
While the wording differs from one tweet to another, they all carry a link that appears to point to a CNBC site. In reality, cnbc is just a subdomain of the com-[redacted].in domain that hosts the scam, so the registrable domain the victim is actually visiting belongs to the spammers, not to CNBC.
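The deception relies on the brand name sitting in a subdomain while the registrable domain is somebody else's. The following added example (not from the original article) shows one way a defender can flag such links in tweet text: it extracts URLs, derives the registrable domain, and reports any hostname that mentions the brand without being under the brand's own domain. The sample tweets and hosts are constructed placeholders, not the redacted domain from the campaign, and the tiny suffix table stands in for the real Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# Constructed sample tweets modelled on the ones quoted in the article.
# The hosts are placeholders, not the real redacted scam domain.
SAMPLE_TWEETS = [
    "Hey, Why work for somebody else? http://cnbc.com-example-placeholder.in/job",
    "Hey pal, a woman tells CNBC about making money from home! https://www.cnbc.com/2012/06/article",
    "Lunch was great today, no links here.",
]

# Assumption: a very small stand-in for the Public Suffix List, covering a few
# ccTLDs whose registrable domain is three labels deep. A production check
# should load the full list instead of this hand-picked set.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def registrable_domain(host: str) -> str:
    """Return the domain a registrant controls, e.g. 'com-example.in' for 'cnbc.com-example.in'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_lookalike(url: str, brand: str = "cnbc", legit: str = "cnbc.com") -> bool:
    """True when the brand appears in the hostname but the registrable domain is not the brand's own."""
    host = urlsplit(url).hostname or ""  # hostname is lowercased and has any port stripped
    if not host:
        return False
    mentions_brand = any(brand in label for label in host.split("."))
    return mentions_brand and registrable_domain(host) != legit


def flag_tweet(text: str) -> list:
    """Return the lookalike URLs found in a tweet (empty list when none)."""
    return [url for url in URL_RE.findall(text) if is_lookalike(url)]


if __name__ == "__main__":
    for tweet in SAMPLE_TWEETS:
        print(flag_tweet(tweet) or "clean", "|", tweet)
```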
The malicious website is cleverly designed to display a title adapted to the victim’s location based on his/her IP address.
Once the unsuspecting visitor clicks one of the links on the shady site, he/she is taken to another domain that promotes a multi-level marketing (MLM) scheme.
To make everything more legitimate-looking, McAfee Secure and VeriSign Secured logos are displayed.
Regarding the hijacked accounts, many of them appear to belong to users who haven’t used Twitter for a long time. In some cases we’ve seen, the accounts’ rightful owners are still posting, but every once in a while a shady tweet appears in their feed.
If this campaign is not connected to the LinkedIn breach, the spammers could have acquired all those accounts via phishing or with the aid of shady Twitter apps that post messages on the user’s behalf.
In any case, users of the social media site are advised to check their tweets and, if they see any suspicious ones, to review the apps that have access to their accounts. Also, as a precaution, they should change their Twitter passwords.