Twitter Alerts about Fresh Phishing Scam

Twitter, on October 27, 2009, alerted its site's visitors that a newly launched e-mail scam has targeted the social-networking website. The scam, which represents the latest one of the several that inflicted Twitter.com since 2008, is crafted to con users in a way that they divulge their usernames and passwords.

Wrote Twitter on the spam message section of its website that it had observed some phishing attempts on October 27, 2009 and that if anyone had received an unusual "Direct Message" (DM) pointing to a Twitter login webpage, he should avoid it.

If any user enters his username and password into the fake webpage, a blank blogspot page is opened that belongs to someone called NetMeg99.

Also, the fake message appears similar to frequently detected phishing scams. For, upon following a given web-link, users are led onto certain malicious sites that phishe off their personal information and enable scammers to compromise their accounts.

Wrote Graham Cluley, senior researcher with Sophos, that when he went to the page, it redirected him to another page belonging to Blogspot.com, which apparently was of a blogger named NetMeg99. CNet News reported this on October 28, 2009.

Cluley added that it wasn't evident if NetMeg99 was associated with the phishing campaign; however, according to a suggestion, the blogger's page did attempt to capture credentials of users.

Furthermore, according to Sophos, in case anybody has already been victimized by the phishing scam, he must instantly reset his password on Twitter and also on all the other websites where he might be using identical login details. Besides, security researchers suggested that anyone who gets the direct message must not click the link.

Meanwhile, the Twitter phishing assault coincides with another launched against Facebook users. In that, a bot network has spammed innumerable fraudulent e-mails regarding password reset. If users attempt to view a given attachment, which supposedly has their changed account password, a malware-downloading Trojan named Bredolab gets installed on their PCs.

Related article: Twitter Flaw Compels Victims to Follow Hacker’s Account

» SPAMfighter News - 11/9/2009