Phishers Procure Twitter Passwords via Direct Messages
According to security experts, a new phishing scam is making rounds on Twitter that attempts to steal log-in details of users, and then send scam messages to almost every contact in their address book, so as to trick them as well.
Users receive a direct message that reads "ROFL this you on here?" and appears linked to a video site. However, when the user clicks on this link, he gets redirected to a forged Twitter webpage, wherein he is asked to give his log-ins.
This particular scam involves tricking Twitter users through direct messages, a feature that enables users to interact with each other via personal messages.
The phishing scam was reported on September 23, 2009 on the Mashable blog, which stated that it received several reports in context of this particular scam, as reported by pcworld.com on September 23, 2009.
However, it can not be clearly stated whether this scam is a mere prank, or it is being circulated for some wicked motives. Domain name which was used in this case was registered on September 23, 2009. It is found that the user who had registered the domain name belongs to China. It has also been found that his e-mail address has been associated with various scams of similar nature.
Furthermore, it is quite easy for any one to fall in the trap, because unlike previous attacks, messages here appear as direct messages from friends and other trustworthy sources. This is only the latest among numerous scams to affect the popular microblogging site as cyber crooks are trying to make huge profits by exploiting the immense popularity of the site.
Finally, Twitter has warned users of the phishing attack, stating that they must avoid clicking on any creepy message and must not provide their log-in details to any one blindly, reported eweek.com on September 23, 2009.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 14-10-2009