NHS Direct Twitter account compromised by Acai Berry diet spammers

NHS Direct, the UK helpline which provides expert health advice via the telephone and internet, has had its Twitter account taken over by spammers promoting an Acai Berry diet.

At 10:40pm UK time on Sunday night, the NHS Direct Twitter account posted the following message:

Spam tweet from NHS Direct

Are you wanting to lose some weight? i highly suggest this [LINK]

Because the NHS Direct service is well-known in the UK for providing health advice, it's possible that some followers might have thought that the link was genuine, and clicked on it.

Fortunately, Twitter is now identifying the webpage pointed to by the shortened link as "potentially harmful", but anyone who had clicked would have been taken to a bogus news website promoting an Acai Berry diet:

Acai Berry diet website

The sneaky marketroids trying to sell their diet pills present their webpage as though it were an online news report.

Eagle-eyed readers may notice that the diet website appears to be remarkably similar to the Acai Berry website linked to in another recent attack - where a BBC Rugby correspondent mysteriously started tweeting messages about needing to lose a few pounds.

What's not clear is just how the @NHSDirect Twitter account was hacked. It could be that the password was compromised, similar to another Acai Berry spam campaign we saw on Twitter at the end of last year following the Gawker password breach.

After all, too many users (perhaps as many as a third) are still using the same password for every website they access.

My hunch, however, is that NHS Direct's Twitter account has been phished - maybe by something like the current "Horrible blog going about you" attack.

If your account on Twitter has been compromised, make sure you change your password to a non-dictionary word - and be sure to also change the password on any other online accounts where you might be using the same one. Far too many people use the same passwords on multiple sites, which obviously increases their chances of being hacked.

Aside from changing your passwords, it would also make sense to scan your computer with an up-to-date anti-virus and check that you have the latest security patches in place.

If you want to be kept up-to-date on the latest security threats on Twitter and elsewhere on the net, follow me on Twitter.

Hat-tip: Thanks to Naked Security reader @mcbazza for bringing this incident to my attention.


One Response to NHS Direct Twitter account compromised by Acai Berry diet spammers

  1. It could be perhaps they got sloppy with the remote email tweet or phone number tweet feature.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.