Twitter phishers are after your password

Filed Under: Phishing, Social networks, Spam, Twitter

Twitter has warned its ardent users to be on the lookout for dangerous direct messages, which could lead to cybercriminals phishing their account login details.

As SophosLabs briefly reported earlier today, the offending direct messages take the form of:

hi. this you on here? http://blogger.djh****.com

(We've obscured part of the url as it wouldn't be a good idea for you to visit the page.)

If you did make the mistake of thinking that one of your Twitter friends was sending you a link to, perhaps a funny photograph, you would be presented with what appears - on first glance at least - to be the Twitter login page:

Twitter phishing page

However, this is a phishing page - designed to grab your Twitter username and password as soon as you enter them. In this case the cybercriminals don't even seem to have made much effort to hide the fact that the site is dodgy - the domain name they have chosen doesn't look anything like twitter.com and should stick out like a sore thumb to anyone who cares to take a moment to see where they've eded up.

To cover up its phishing intentions, anyone entering their information on the page is shown a "Twitter over capacity" page, including the famous Fail Whale. Again, this page is not the real thing - and is not hosted on the real Twitter website at www.twitter.com.

Bogus Twitter over capacity webpage

When I visited the page I was then slingshot to another webpage on Blogspot.com claiming to belong to a blogger called NetMeg99. It's not clear if NetMeg99 is involved in the phishing scam, but there is a suggestion that her webpage did also try to phish for credentials at one point.

Blogspot webpage

So, what should you do if you fell for one of these phishing messages and handed over your Twitter login details to the bad guys?

You should consider yourself now hacked, and must change your Twitter password *immediately* before your account is abused by hackers.

Furthermore, you should make sure that you change your password on any other site where you were using the same login details as that could also become compromised. And, vitally you must not use the same password on every website.

It's time to wake up about social networking threats. Hackers like to comandeer poorly protected PCs to form a botnet from which they can send spam campaigns or spread malware, and in the same way they are after compromised social networking accounts.

, , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.