Clues that reveal a scam's true purpose can always be found

May 22, 2012 09:31 GMT

Tumblr users are advised to be careful who they become friends with and what links they click on, especially if they’re posted by a user whose only messages read “follow me, I follow back.”

That’s exactly how the latest Tumblr phishing campaign begins. A shady user starts following random individuals, urging them to visit a link, GFI’s Jovi Umawing reports.

In the scenario presented by the expert, the link looks like wild-atrocisity.tumblr.com. This URL actually hides an IP address from which users are redirected to a webpage that replicates the Tumblr login page.

At this point, potential victims may believe that they were somehow signed out and they might enter their usernames and passwords. By doing so, they’re actually handing over their login credentials to the masterminds that run the malicious page.

However, there’s one major clue that hints at the fact that this is nothing but a scam. The phishing site actually replicates the old Tumblr login page, not the new and more secure one.

After further analysis, experts have concluded that the redirection webpage is located on a server in Sweden, and that the IP address behind the plot is associated with a number of other similar schemes.

Tumblr account holders are advised not only to avoid clicking on links posted by spammy profiles, but also to report any suspicious activities and block users who are up to no good.

Also, when logging in to an account, always check to see if the webpage is hosted on the site’s official domain. Always remember that most social media websites use secure HTTPS connections.

If you are about to log in and you notice that the padlock icon and the digital certificate are missing, you can be certain that you are about to hand over your credentials to a third party that’s eagerly waiting to misuse them.
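The checks described above (official domain, HTTPS, no bare IP address) can be expressed as a small URL test; this is an added example, not code from GFI or Tumblr, and it goes slightly beyond the article by also flagging the `user@host` trick. The allowlist of login hosts and the sample URLs are assumptions constructed for illustration, and the function inspects only the URL, not the certificate itself.

```javascript
// Assumption (not from the article): hosts that serve the genuine login form.
const OFFICIAL_LOGIN_HOSTS = new Set(["www.tumblr.com", "tumblr.com"]);

// Returns the reasons a page should NOT be trusted with credentials.
// An empty array means the URL passed every check.
function loginUrlProblems(rawUrl, officialHosts = OFFICIAL_LOGIN_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return ["not a parseable absolute URL"];
  }
  const problems = [];
  // Normalise case and a trailing root dot before comparing.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");

  if (url.protocol !== "https:") problems.push("not served over HTTPS");
  // "https://www.tumblr.com@other-host/" really connects to other-host.
  if (url.username || url.password) problems.push("userinfo before '@' hides the real host");
  // The URL parser rewrites hex/octal IPv4 forms to dotted decimal; IPv6 keeps brackets.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    problems.push("host is a raw IP address");
  }
  if (!officialHosts.has(host)) {
    // Blog subdomains are user-controlled, so sharing the suffix proves nothing.
    problems.push(host.endsWith(".tumblr.com")
      ? "user blog subdomain, not the login host"
      : "host is not the official login domain");
  }
  return problems;
}

// Constructed sample URLs; 203.0.113.7 is a documentation-only address.
const samples = [
  "https://www.tumblr.com/login",
  "http://www.tumblr.com/login",
  "https://wild-atrocisity.tumblr.com/login",
  "http://203.0.113.7/login",
  "https://www.tumblr.com@203.0.113.7/login",
  "https://www.tumblr.com.login.example/login",
];
for (const s of samples) {
  const p = loginUrlProblems(s);
  console.log(s, "->", p.length ? p.join("; ") : "ok");
}
```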