Horrible blog going around about you? Or a Twitter phishing attack?


Malicious TwitterYou may not realise it, but your Twitter account is worth money.

Cybercriminals are keen to compromise your Twitter account, so they can spam out messages (either as public tweets, or less obvious direct messages to your online friends) in the hope that some recipients will click on the links.

What lies at the end of the links can vary. It might be a webpage offering you a new wonder diet, or a pornographic website, or a link to a download designed to infect your computer.

But first they need to commandeer your Twitter account, and the simplest way for them to do this is just to ask you for your Twitter username and password.

Here’s an example of the latest attack that has been seen on Twitter. The message arrives in the form of a direct message (DM), and has a pretty enticing reason for you to click on the link:

Phishing tweet

Read this yet? horrible blog going around about you [LINK]

In the example above, the DM has come from an account that has already fallen victim to the scammers. Ironically in this example, shared with us by Naked Security reader @basexperience, the owner of the account which has been taken over by cybercriminals is a division of the UK’s Sussex Police Force. Whoops.

So, what happens if you click on the link?

Well, you’ll be taken – via some redirects – to a website which looks like this.

Twitter phishing website

At this point, you think that your Twitter session has timed out – and you may well be tempted to enter your userid and password.

Stop. Right. There.

Let’s take a closer look.

Close-up of Twitter phishing website

Did you notice? This site isn’t the real twitter.com – it’s a lookalike phishing site called “twittelr”, designed to steal your login credentials so cybercriminals can use your account to spew out spams, scams and other nasty links. They could even read your private DMs if they wanted.

If your Twitter account has been sending out messages that you didn’t authorise, change your password immediately (make sure it’s unique, and you’re not using it anywhere else on the web), and visit Settings/Connections to double-check that you have only allowed applications you are comfortable with to integrate with your account.

If you’re on Twitter and want to learn more about threats, be sure to follow me at @gcluley and the rest of the @NakedSecurity team on Twitter.