'Found a funny picture of you!' Twitter phishing attack

Filed Under: Phishing, Privacy, Social networks, Spam, Twitter

Ill birdWe're now regularly seeing Twitter accounts which have fallen into the hands of cybercriminals, sending out messages to their online friends with the aim of tricking them into handing over their all-important username and password.

Here's one of the latest attacks, shared with us by our friends at @TweetSmarter:

Found a funny picture of you [LINK]

I saw a real bad blog about you, you see this? [LINK]

Phishing tweets

If you make the mistake of clicking on one of the links you are taken to a fake Twitter website, created with the aim of purloining your username and password.

Careless users might enter their credentials automatically, assuming that their session on Twitter has simply timed out. Doing so is disastrous, not only can the hackers now access your Twitter account they could also - potentially - use the password at other online accounts you may own.

Fake Twitter website

Everyone needs to learn to be on their guard against phishing attacks like this. If you did receive a message like the above, please tell your online friend that their account has been compromised, and they should urgently change their passwords.

Hat-tip: Thanks to our friends at @TweetSmarter for bringing this latest scam to our attention.

, ,

You might like

One Response to 'Found a funny picture of you!' Twitter phishing attack

  1. Michael Benidt · 900 days ago

    What's weird about this stuff isn't how much attention it gets, but how little attention it gets, considering the risks. You folks are doing a great service bringing these topics to the forefront. I've just had an experience with a client where the company Twitter site sending the phishing DM wouldn't respond to our warnings that they'd been hacked. Anyway, keep up the good work.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.