Twitter Users Again Under Phishers Attack
A phishing scam is spreading through Twitter, as DMs (Direct Messages) are appearing in Twitter accounts along with attractive come-ons encouraging users to view a website on blogspot.com. The messages call the recipients to check out a funny blog on individuals and so on.
Unfortunately, the lures managed to deceive some Twitter accountholders to reveal their passwords in the phishing scam that was launched during the weekend of the 1st week of January 2009. Nevertheless, the fraud was quickly identified; however, the warnings of "don't click" came in so rapidly that they turned out to be a greater nuisance than the scam e-mails themselves.
The phishing works when a URL in the e-mail directs the recipient to a Twitter login look-alike page on the website twitter.access-logins.com. pretending to be from Twitter and tries to steal login credentials.
Moreover, a number of hijacked Twitter accounts are seen distributing phishing e-mails across persons within the Twitter network. These e-mails along with the affected website appear to resemble the typical social network scam e-mails with the only difference that the current messages are extremely short.
According to experts, with phishers motivated by monetary gains, users could well question how it is possible for someone to earn money from hijacked Twitter accounts. Certain possibilities are that of the phished webmail account could be used to distribute spam, or to pull out ransom from genuine accountholders.
Further, phishers prefer to use hijacked accounts than newly opened accounts as these have low chances of tripping off spam filters.
Summarizing in a statement, security specialists said that the outcome of being victimized in the scam is using them to send phishing messages to those users who are following it. Subsequently, if the activity of phishing continues along with the compromising of too many accounts, there might be the compound effect of heightened spam inside the Twitter network.
Meanwhile, the Twitter blog says that it addressed the problem by notifying about the hostile domain. Twitter also discovered a similar fraudulent webpage for the social networking site Facebook.
Related article: Twitter Flaw Compels Victims to Follow Hacker’s Account
» SPAMfighter News - 17-01-2009