Twitter is not charging in October, there is no petition, you're being phished

Another scam to steal Twitter users' credentials is making the rounds today. The tweets being sent out read "Twitter might start to charge in October, sign this petition to keep the service free! -URL-."

Twitter petition tweets

The official Twitter account, @safety, has warned people about the threat and it appears that the Twitter team is having partial success extinguishing this one. Here is an example block page I received when attempting to visit one of the URLs.

Twitter block image

Unfortunately it did not take me long to find the original destination dressed up with several different URL shorteners. This one seems to still be making the rounds to some extent.

Remember folks, rather than click those short URLs, you can always check them over at longurl.org. If you expanded this one you would see that it eventually takes you to ltittier -dot- com, which was registered on a Chinese DNS server at three past midnight this morning.
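
The check described above, written out as an added example (not from the original post): it walks a redirect chain to its final host and compares that host with twitter.com. The redirect map and shortener hostnames are constructed placeholders so the code runs offline; only the landing domain comes from the post, and the two-label domain extraction is a simplifying assumption.

```python
from urllib.parse import urlsplit

TRUSTED = "twitter.com"  # the only domain that should ever receive a Twitter password

# Constructed redirect map standing in for live HTTP 301/302 responses.
# Shortener hostnames are placeholders, not the ones used in the scam.
REDIRECTS = {
    "http://short-a.example/x1": "http://short-b.example/y2",
    "http://short-b.example/y2": "http://ltittier.com/login",
}

def expand(url, redirects=REDIRECTS, max_hops=10):
    """Follow the chain hop by hop and return every URL visited."""
    chain = [url]
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if len(chain) > max_hops or nxt in chain:
            raise ValueError("redirect loop or chain too long")
        chain.append(nxt)
    return chain

def registrable(url):
    """Naive registrable domain: the last two labels of the host.
    Assumption: fine for .com; real code needs the Public Suffix List."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def verdict(url, max_distance=3):
    """Classify where a link finally lands, before any password is typed."""
    domain = registrable(expand(url)[-1])
    if domain == TRUSTED:
        return "trusted"
    if edit_distance(domain, TRUSTED) <= max_distance:
        return "lookalike"  # close to the real name but not it: treat as phishing
    return "untrusted"
```

Comparing the registrable domain rather than searching the URL for "twitter.com" is what keeps a host such as twitter.com.login.example from passing the check.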

Twitter phishing page

The site is a near-perfect duplicate of the real Twitter login site, and it masquerades as a message that your session has timed out. You will need to "reauthenticate" and hand over your identity to the criminals immediately.

At least one Twitter user seems to be having some fun with this and has produced her own copy of the scam... Earlier this morning @trojankitten posted "Twitter might start charging in October, a petition is picking up speed to keep it free.-URL-."

If you click the short link, you are redirected a bit and end up on a pastie.org page that reads:

"Hi,
This is Trojan Kitten. Twitter won't "start charging in October," but there's yet-another-twitter-malware, which will send tweets like these from your account, once you're affected:

"Twitter might start to charge in October, sign this petition to keep the service free! link.here/to-malware" "Twitter is going to charge now? read this article on twitter :( link.here/to-malware"

And since you see the text you're currently reading, you could've been affected: you clicked the link. I don't actually blame the users. So let's blame Twitter for its loose control on apps (in terms of security).

If you have been hit with this scam, be sure to change your Twitter password immediately and it would be prudent to log in and revoke all application API access as well.

You will need to reauthorize each Twitter-enabled program as you use it, but your account will be safer for it.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.