'Osama Is Alive' Phishing Scam Spreads on Twitter

A new scam is spreading on Twitter by distributing links to fake CNN news articles that allegedly confirm Osama bin Laden is still alive.

The rogue tweets posted by victims of this scam vary, but the overall theme remains the same.

Some of them read "omgg osama is alive!!! cnn confirmed that he's still out there :(( [link]", "I cant BELIEVE osama is still alive - CNN confirmed he around stillll :O [link]", or "OMG CNN confirmed that they found Osama alive still ! ! ! [link]"

For this campaign, the scammers are using bit.ly shortened URLs which take users to a spoofed Twitter login page.

Unfortunate users who input their credentials on this site are then redirected to a real CNN YouTube video about anti-American protesters in Pakistan claiming Osama is alive.

Unlike recent Twitter scams that encouraged users to associate rogue apps with their accounts, this attack harvests login credentials and leverages them directly to post spam.

"Twitter trend-tracking service Trendistic recorded this scam as being 1% of the volume of all tweets some 8 hours ago. The current rate of tweets is around 200 per minute," security researchers from Websense said.

Previous Osama-related scams on Twitter and Facebook have shown that attacks using this lure can be very successful, which is probably why they'll continue making the rounds.

Users who believe they've fallen victim to this scam should immediately change their Twitter password and remove the spam tweets posted from their accounts.

Firefox and Chrome users can also use extensions that expand short URLs. These can help determine if links are fraudulent before clicking on them. For example, in this case, a link to a CNN news article that points to a non CNN domain name should clearly raise suspicion.