TwitViewer Could be Associated with Phishing Scam
Twitter issued a note on July 28, 2009 stating that TwitViewer, a service that enables users to find out who is monitoring them on Twitter, is actually related to an e-mail phishing scam.
According to TwitViewer, it has been created to offer a list of Twitter users who have seen a particular user's profile, but requires entering Twitter login particulars to be able to acquire access. Thus, once the particulars are provided, TwitViewer starts sending spam messages to the user's friends and provides a link connecting to the website along with a message that talks about how to find out who is following them on Twitter.
Security researchers state that in addition to the spam dispatched, it isn't evident for what purpose the individuals (behind the website) wished to utilize the particulars for logging in, although dispatching spam mails could be the objective.
The website, which pledges to exhibit last 200 people who visited a user's Twitter page, strangely provides the list of Twitter users in a totally haphazard manner, the researchers said. For instance, the Mashable website tested the hypothesis by creating a fresh Twitter account. After few minutes of account creation, TwitViewer reported that some hundreds of Twitter users have visited the profile that sounds unrealistic.
Google has added the site to a series of familiar phishing websites so that users equipped with anti-phishing program receives an alert while attempting to access the site.
Thus, Twitter recommends users against revealing their Twitter login details to any site they are not familiar with. It advises that in case any Twitter user has given away his login username and password details to TwitViewer, then he must change his password instantly, as reported by The Inquisitr on July 28, 2009.
Users should do some background research prior to handing over their authentication credentials to any Internet service claiming to be of Twitter's.
Meanwhile, it is worth noting that the TwitViewer in discussion is on TwitViewer.net, while the service offered through the same moniker on TwitViewer.com has no connection with the phishing fraud.
» SPAMfighter News - 18-08-2009