NHS Direct Twitter account compromised by Acai Berry diet spammers

NHS Direct, the UK helpline which provides expert health advice via the telephone and internet, has had its Twitter account taken over by spammers promoting an Acai Berry diet.

At 10:40pm UK time on Sunday night, the NHS Direct Twitter account posted the following message:

Spam tweet from NHS Direct

Are you wanting to lose some weight? i highly suggest this [LINK]

Because the NHS Direct service is well-known in the UK for providing health advice, it's possible that some followers might have thought that the link was genuine, and clicked on it.

Fortunately, Twitter is now identifying the webpage pointed to by the shortened link as "potentially harmful", but anyone who had clicked would have been taken to a bogus news website promoting an Acai Berry diet:

Acai Berry diet website

The sneaky marketroids trying to sell their diet pills present their webpage as though it were an online news report.

Eagle-eyed readers may notice that the diet website appears to be remarkably similar to the Acai Berry website linked to in another recent attack - where a BBC Rugby correspondent mysteriously started tweeting messages about needing to lose a few pounds.

What's not clear is just how the @NHSDirect Twitter account was hacked. It could be that the password was compromised, similar to another Acai Berry spam campaign we saw on Twitter at the end of last year following the Gawker password breach.

After all, too many users (perhaps as many as a third) are still using the same password for every website they access.

My hunch, however, is that NHS Direct's Twitter account has been phished - maybe by something like the current "Horrible blog going about you" attack.

If your account on Twitter has been compromised, make sure you change your password to a non-dictionary word - and be sure to also change the password on any other online accounts where you might be using the same one. Far too many people use the same passwords on multiple sites, which obviously increases their chances of being hacked.

Aside from changing your passwords, it would also make sense to scan your computer with an up-to-date anti-virus and check that you have the latest security patches in place.

If you want to be kept up-to-date on the latest security threats on Twitter and elsewhere on the net, follow me on Twitter.

Hat-tip: Thanks to Naked Security reader @mcbazza for bringing this incident to my attention.

One Response to NHS Direct Twitter account compromised by Acai Berry diet spammers

  1. @tyw7 says:

    It could be perhaps they got sloppy with the remote email tweet or phone number tweet feature.

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.