ROFL Is This You on Here?

Filed Under: Social networks, SophosLabs

The direct message arrived in my Twitter account: "rofl is this you on here?" followed by a link.

Oh no!  Are there embarrassing pictures of me on the Internet?  Again?!

After calming down a bit, my cynicism prevails. Let's see what's really going on here.

The link itself was to a URL shortener.  This one redirects to a page that looks very much like the login page for Twitter. Looking at the browser address bar, however, reveals a non-Twitter URL. In fact, the URL resolves to a server in China.

While some of the hyperlinks on the page point back to Twitter proper, others point to the Chinese site.  These are signs of a phishing attempt.

A user trying to log in to Twitter on this page would be sending login credentials to this suspicious server.

I was curious what would happen if I typed in a fake user name and password.

Username: DidYouReallyThinkThisWouldWork?

Password: SillyPhisher

Entering this information on the real Twitter page causes it to prompt for username and password again hoping to get actual login credentials this time.

Entering the same information on the fake Twitter login page renders the following image:

And as I ponderously stare at this whale and the improbably strong birds, the Chinese server is trying to break into my Twitter account using the username and password I just typed in so that it can send the same message to all my contacts.

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s