ROFL Is This You on Here?

Image (1) twphish.jpg for post 24420

The direct message arrived in my Twitter account: “rofl is this you on here?” followed by a link.

Oh no!  Are there embarrassing pictures of me on the Internet?  Again?!

After calming down a bit, my cynicism prevails. Let’s see what’s really going on here.

The link itself was to a URL shortener.  This one redirects to a page that looks very much like the login page for Twitter. Looking at the browser address bar, however, reveals a non-Twitter URL. In fact, the URL resolves to a server in China.

While some of the hyperlinks on the page point back to Twitter proper, others point to the Chinese site.  These are signs of a phishing attempt.

A user trying to log in to Twitter on this page would be sending login credentials to this suspicious server.

I was curious what would happen if I typed in a fake user name and password.

Username: DidYouReallyThinkThisWouldWork?

Password: SillyPhisher

Entering this information on the real Twitter page causes it to prompt for username and password again hoping to get actual login credentials this time.

Entering the same information on the fake Twitter login page renders the following image:

And as I ponderously stare at this whale and the improbably strong birds, the Chinese server is trying to break into my Twitter account using the username and password I just typed in so that it can send the same message to all my contacts.