ROFL Twitter phishing attack is no laughing matter

While leading lights in the computer security industry were engaged in a yodelling competition (yes, really) at the Virus Bulletin conference in Geneva last night, an attack designed to steal the login details of Twitter users was in progress.

Users of the micro-blogging service reported receiving direct messages similar to the following, accompanied by a link:

rofl this you on here?

As SophosLabs reports on its blog, clicking on the link takes unsuspecting Twitter users, who expect to see a webpage recommended by an online friend, to what appears to be a Twitter login page:

Fake Twitter login page

Of course, it’s nothing of the sort. The page has been created by the bad guys for the sole purpose of phishing Twitter usernames and passwords, which will then be used to compromise more accounts. Careful examination of the URL in the message (in particular the host name the link actually points to, rather than any "twitter.com" that merely appears somewhere in it) would reveal that it is not going to the real Twitter site, but many regular users would not be able to come to that conclusion.
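The check described above, deciding which host a link really leads to, is harder than it looks because attackers put "twitter.com" in a subdomain, in the userinfo part before an "@", in the path, or in a look-alike spelling. The following is an added example, not code from the Sophos post or from Twitter; the allow-list of legitimate hosts and the sample links are assumptions constructed for illustration, not the addresses used in the real attack.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumed allow-list of hosts a genuine Twitter login page may live on.
# This is an assumption for the example, not a list taken from the original post.
LEGITIMATE_HOSTS = {"twitter.com", "www.twitter.com"}


def destination_host(url: str) -> Optional[str]:
    """Return the host a link really goes to, or None if it cannot be determined.

    urlsplit().hostname already discards userinfo ("twitter.com@evil.example"),
    the port, and upper-casing; we additionally strip a trailing dot so that
    "twitter.com." compares equal to "twitter.com".
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        # Newer Pythons reject some malformed/confusable netlocs outright.
        return None
    if parts.scheme not in ("http", "https"):
        # Bare "twitter.com/login" has no scheme, so urlsplit treats it as a
        # path and hostname is None; treat anything we cannot parse as unsafe.
        return None
    host = parts.hostname
    if not host:
        return None
    return host.rstrip(".")


def is_legitimate_twitter_url(url: str) -> bool:
    """True only when the link's real host is on the allow-list."""
    host = destination_host(url)
    return host is not None and host in LEGITIMATE_HOSTS


def classify(urls):
    """Map each URL to (real host, verdict) so the trick in each one is visible."""
    return {u: (destination_host(u), is_legitimate_twitter_url(u)) for u in urls}


# Constructed sample links (not the addresses used in the real attack).
SAMPLE_URLS = [
    "https://twitter.com/login",                    # genuine
    "HTTPS://WWW.TWITTER.COM:443/login",            # genuine, odd casing and explicit port
    "https://twitter.com./login",                   # genuine, trailing dot
    "http://twitter.com.example.net/login",         # look-alike subdomain of another domain
    "http://twitter.com@example.net/login",         # "twitter.com" is only the userinfo part
    "http://example.net/twitter.com/login",         # "twitter.com" is only in the path
    "http://twltter.com/login",                     # typo-squat, l instead of i
    "https://twıtter.com/login",                    # homograph, dotless i (U+0131)
    "twitter.com/login",                            # no scheme: cannot be trusted as written
]

if __name__ == "__main__":
    for url, (host, ok) in classify(SAMPLE_URLS).items():
        print(f"{'OK  ' if ok else 'FAKE'} host={host!r:32} {url}")
```

The point of the sample list is that only the first three links are genuine; every other one contains the string "twitter.com" somewhere a casual reader would see it, which is exactly why "look at the URL" is advice that many users cannot act on. A browser's address bar applies the same rule: what matters is the host component, not any familiar name that appears before an "@" or after the first "/".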

Just as hackers like to commandeer poorly protected PCs to form a botnet from which they can send spam campaigns or spread malware, so they are increasingly interested in doing the same with social networking accounts.

They know that computer users are more likely to open a message or click on a link that appears to have been sent by their online friends and colleagues via a social networking site, which makes it easier to launch financially-motivated attacks.

In this case the bad guys are also able to read any potentially sensitive private information in the direct messages you have sent and received via Twitter in the past.

If you were unfortunate enough to come a cropper and entered your details into the fake Twitter page, you must consider yourself hacked, and should change your Twitter password *immediately* before it is abused further by cybercriminals.

Furthermore, if you fell victim to this attack you should make sure that you change your login details on any other site where you were using the same password, as those accounts could also be compromised. You have learnt not to use the same password on every website by now, haven’t you?

Of course, this is far from the first time that hackers have launched phishing attacks against Twitter users; they are increasingly recognising the value of netting social networking accounts to do their dirty work for them. For instance, earlier this year hackers launched a phishing attack via direct messages claiming to have found funny pictures of the victim.