Beware tvviter.com – video of a live Twitter phishing attack

I got an email this morning saying that someone called “3XNJTVJG0SYIKDH (NinaOchoa)” was following my updates on Twitter.

That’s rather an odd name, I thought, and investigated further.

(This video is also available on YouTube)

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Turns out that 3XNJTVJG0SYIKDH (lets call her 3XNJTV for short) was already following nearly 400 people on Twitter, but had only ever posted one update:

check this guy out [followed by a tinyurl address]

Fortunately, I use LongUrl. I’ve blogged about LongUrl before, but in a nutshell it’s a cool add-on for Firefox which converts short urls – like those often used on Twitter – into into their true much longer form.

And I was able to see that 3XNJTV (okay, lets call her “Nina”), was trying to point me towards a website called tvviter.com.

Did you read that right? tvviter.com (Double V, not W)

Yup, it’s not the real Twitter site.

But if you do make the mistake of clicking on the link you will be taken to a bogus website which is pretending to be Twitter, and hopes to fall you into handing over your username and password (which could lead ultimately to some painful identity fraud, as well as your account being used for the purposes of spam or spreading malware).

At the time of writing the user and the website are still live – I wouldn’t recommend visiting either.
And further analysis suggests that there are many other bogus Twitter users out there telling you to “check this out” and pointing to the same TinyURL link this morning.

Animated GIF of other Twitter accounts trying to phish details from unwary users

Be careful out there.