Phishing Campaigns Spotted on Twitter

Attempting to steal login credentials and/or phone numbers

By Lucian Constantin, Web News Editor

5th of January 2009, 10:35 GMT

[Image: Phishing campaign affects Twitter users]

A phishing campaign has hit the Twitter micro-blogging service over the weekend, forcing its staff to issue an alert. The campaign has since morphed, and there are now at least two different variations in circulation.

Phishers are using previously compromised Twitter accounts and the Direct Message feature to spam their malicious links. "Hey! check out this funny blog about you… [URL]" or "Hey, I found a website with your pic on it… LOL check it out here [URL]," some of the messages reported by Twitter users read.

The URL spammed in the original campaign pointed to a web page that was hosted on Blogspot in order to increase the message's credibility. However, when visiting the Blogspot link, users get redirected to a fake Twitter login page, located on an access-logins.com domain.
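
The redirect described above is what a link scanner or message filter has to catch: the first hop looks harmless, and the password form sits on a different domain. The following Python sketch is an added example, not part of the original article; the Blogspot subdomain, the URL paths and the trusted-domain list are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain allowed to show a Twitter login form.
TRUSTED_LOGIN_DOMAINS = {"twitter.com"}

def host_of(url):
    """Hostname of a URL, lower-cased, without port, userinfo or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted_login_host(url, trusted=TRUSTED_LOGIN_DOMAINS):
    """True only for an exact trusted domain or a real subdomain of one.
    A substring test ("twitter.com" in url) would accept lookalike hosts."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in trusted)

def assess_chain(chain, asks_for_password):
    """Judge a redirect chain: chain[0] is the link in the message,
    chain[-1] the page finally shown to the user."""
    hosts = [host_of(u) for u in chain]
    landing = chain[-1]
    suspect = asks_for_password and not is_trusted_login_host(landing)
    return {
        "first_host": hosts[0],
        "landing_host": hosts[-1],
        "cross_domain": len(set(hosts)) > 1,
        "verdict": "phishing-suspect" if suspect else "ok",
    }

# Constructed sample: a Blogspot link that redirects to a login form on the
# domain named in the article. Subdomain and paths are made up.
SAMPLE_CHAIN = [
    "http://example-blog.blogspot.com/",
    "http://access-logins.com/login",
]

if __name__ == "__main__":
    print(assess_chain(SAMPLE_CHAIN, asks_for_password=True))
    # Lookalike hosts that a substring check would wrongly accept (constructed).
    for url in ("http://twitter.com.access-logins.com/login",
                "http://twitter.com@access-logins.com/login",
                "https://twitter.com/login"):
        print(url, "->", is_trusted_login_host(url))
```

The check runs against the final landing page rather than the link in the message, because in this campaign the link itself pointed to a legitimate hosting service.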

[Image: Fake Twitter login page]

"It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers," Graham Cluley, senior technology consultant for antivirus vendor Sophos, warns.

"However, as so many Internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater," the security researcher adds.

The Twitter team has published a post on its blog describing this attack and stating that it is proactively resetting the passwords of the accounts found to be sending out these messages, as they have clearly been compromised. In addition, it advises users who are worried that they might have fallen victim to this scam to use the reset password link.

[Image: Free iPhone spam]

Reports about a spin-off of this campaign have surfaced today. The messages of this new variant entice individuals to visit a link claiming that they could win a free iPhone. It then directs them to a page displaying an advertising banner and asking for their credentials, as well as their phone number.

Since there is no obvious gain for the phishers from this campaign, Mr. Cluley speculates that it might be related to an affiliate link scheme, through which the cyber-crooks are earning a commission for directing traffic to certain websites. He also suggests that users of all social networking websites should exercise caution, because the domain hosting the fake Twitter login page has also been seen hosting a rogue Facebook authentication page in the past.

© Copyright 2001-2010 Softpedia
User opinions:


Comment #1 by: Rupali on 06 Jan 2009, 10:15 GMT

Great information!!!!! Be aware while using Twitter........
