NHS Direct, the UK helpline which provides expert health advice via the telephone and internet, has had its Twitter account taken over by spammers promoting an Acai Berry diet.
At 10:40pm UK time on Sunday night, the NHS Direct Twitter account posted the following message:
Are you wanting to lose some weight? i highly suggest this [LINK]
Because the NHS Direct service is well-known in the UK for providing health advice, it’s possible that some followers might have thought that the link was genuine, and clicked on it.
Fortunately, Twitter is now identifying the webpage pointed to by the shortened link as “potentially harmful”, but anyone who had clicked would have been taken to a bogus news website promoting an Acai Berry diet.
The sneaky marketroids trying to sell their diet pills present their webpage as though it were an online news report.
Eagle-eyed readers may notice that the diet website appears to be remarkably similar to the Acai Berry website linked to in another recent attack – where a BBC Rugby correspondent mysteriously started tweeting messages about needing to lose a few pounds.
What’s not clear is just how the @NHSDirect Twitter account was hacked. It could be that the password was compromised, similar to another Acai Berry spam campaign we saw on Twitter at the end of last year following the Gawker password breach.
After all, too many users (perhaps as many as a third) are still using the same password for every website they access.
My hunch, however, is that NHS Direct’s Twitter account has been phished – maybe by something like the current “Horrible blog going about you” attack.
If your account on Twitter has been compromised, make sure you change your password to a non-dictionary word – and be sure to also change the password on any other online accounts where you might be using the same one. Far too many people use the same passwords on multiple sites, which obviously increases their chances of being hacked.
Aside from changing your passwords, it would also make sense to scan your computer with an up-to-date anti-virus and check that you have the latest security patches in place.
If you want to be kept up-to-date on the latest security threats on Twitter and elsewhere on the net, follow me on Twitter at @gcluley.
Hat-tip: Thanks to Naked Security reader @mcbazza for bringing this incident to my attention.