Phishers Attack Twitter

Guess what, the phishers have hit Twitter, and the impact on the service has reached around the globe. If you see an update in your Twitter stream that says something like “Check out this funny blog about you” and you click it (but please don’t), you will be taken to what looks like the Twitter sign-in page. But please note the address bar (see below):

[Image: twitter-phish]

As you can see, it is not twitter.com but rather a different address. The intent here is to take your password, hopefully use it to enter other sites you visit, and fill up your “fake twitter” with spam like “I won an iphone! come see how here” or “Somehow your picture ended up on this site”. Once you click on the URLs in the fake stream, here come the cookies, spyware and more as the phisher tries to find out where your accounts are. And to make things worse, the phishers may use your password and identity to send spam and malware to your friends.
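To make the address-bar check concrete, here is an added example (not part of the original post) that applies the same test in code: the host must be exactly twitter.com or one of its subdomains, over https. Accepting subdomains is an assumption, and every sample URL is constructed for illustration.

```python
from urllib.parse import urlsplit

# twitter.com is the address named in the post. Accepting its subdomains is an
# assumption of this example, as are all the sample URLs further down.
TRUSTED_DOMAIN = "twitter.com"


def check_signin_url(url, trusted=TRUSTED_DOMAIN):
    """Return (ok, reason) for a URL copied from the address bar."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, with any "user@" part and port removed
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    host = host.rstrip(".")
    # Look-alike letters (for example a Cyrillic "i") show up as non-ASCII or "xn--" labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "non-ASCII or punycode host"
    # Exact match or a real subdomain; the leading dot rejects names that merely end in the trusted text.
    if host == trusted or host.endswith("." + trusted):
        return True, "host is " + host
    return False, "host " + host + " is not " + trusted


# Constructed sample URLs; none of them is taken from the post.
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session",
    "http://twitter.com/login",
    "https://twitter.com.signin.example/login",
    "https://twitter.com@signin.example/login",
    "https://tw\u0456tter.com/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_signin_url(sample)
        print(("OK     " if ok else "REJECT ") + ascii(sample) + "  " + reason)
```

The two `signin.example` samples show why a glance is not enough: “twitter.com” appears in both addresses, yet the host the browser actually connects to is something else.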

So, do yourself a favor and go change your password. Twitter is aware of the phishing: at the top of your Twitter home you will find “Warning! Don’t sign in to fake Twitter.com from a DM”, along with a link where Twitter tells you that they are already changing the passwords of those who have unwittingly signed in. In a world of multitasking, it is no shock to hear about someone signing back into Twitter without realizing they are on a phishing site while talking on the phone, keeping up with IMs/DMs, reading emails, shuffling papers or just not paying attention. This is the busy world the phishers live in and hope for.

I guess I am not surprised; it had to happen eventually.  The lessons to learn here are:

  • Change your passwords often
  • Have different passwords for different sites/accounts
  • Have good firewall/virus/spyware/phishing protection on your computer and keep it up to date
  • Only open attachments you expect or whose contents you know
  • Never enter personal information in a “pop up box”
  • Be suspicious of anyone who contacts you and asks for personal information
  • Don’t click on links that ask for personal information
  • Whether a victim or not, report phishing to Fraud.org

So be careful, take a moment and stay out of the phish pond.
