October 2, 2014

New Phishing Attack Spread by Twitter Direct Message

(LiveHacking.Com) — A new phishing attack has appeared on the Twitter network using Direct Messages (DM) to deceive people into following a link to a fake Twitter login page.

The messages sent from other Twitter users, lure victims by asking if it is them who is pictured in a photo, video or mentioned in a blog post.

Various versions of the bait messages include:

is this you in the video?
is this you in this picture?
check this out… it’s a funny blog post. you’re mentioned in it.
 

Clicking on the included link takes you to what appears, at first glance, to be the Twitter login page but is in fact hosted on a domain with a similar spelling to Twitter but isn’t associated with Twitter at all.

If you take the bait and enter your username and password on the page you have probably given your login credentials to hackers.

Del Harvey (@delbius) who runs Twitter’s Safety team, says that Twitter is resetting the passwords of users who it believes have been hit by the phishing attack: We’re resetting passwords for affected users; here’s the help page to check out about what you should do. https://support.twitter.com/articles/31796-my-account-has-been-compromised.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks