Phishers Now Twittering Their Scams
Phishers are trying to trick Twitter users into forking over their user names and passwords by sending tweets that direct users to fake Twitter login pages, security experts warn.
Update, 7:31 p.m. ET: Twitter now says that in an unrelated incident, the Twitter accounts for president-elect Barack Obama and 33 other notables were compromised by an individual who hacked into some of the tools the company's support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck. More on that incident from a new post on the Twitter blog.
Blogger Chris Pirillo spotted the Twitter phishes on Jan. 3, after receiving a tweet that asked him to log in at a counterfeit Twitter site called "twitter.login-access.com" (it's probably best to avoid visiting this site, which is still active as of this writing).
Suspecting that access-logins might be a domain used by phishers to scam any number of popular online brands, I ran a reverse lookup on the Web site name. While that domain appears tied to just this one scam, the Internet address tied to that domain - an address in China - is currently home to a number of other phishy domains that include misspellings of popular social networking sites, such as:
beboaccess.com (currently points to a Facebook phishing page)
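The two naming tricks described above (a brand used as a subdomain of an unrelated domain, and a brand name folded into or misspelled in the domain itself) can be checked mechanically before a link is trusted. The following is an added example, not part of the original post; the BRANDS table, the function names and the sample host "twiter.com" are constructed, and taking the last two labels as the registrable domain is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed table: brand keyword -> the brand's real registrable domain.
BRANDS = {"twitter": "twitter.com", "facebook": "facebook.com", "bebo": "bebo.com"}

def registrable_domain(host):
    # Simplification (assumption): the last two labels. Real code should
    # consult the Public Suffix List so that e.g. "co.uk" is handled.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    # Accept bare hostnames as well as full URLs.
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    if reg in BRANDS.values():
        return "legitimate"
    subdomain_labels = host.split(".")[:-2]
    name = reg.split(".")[0]
    # Brand appears left of the registrable domain, which the brand does not own.
    if any(b in label for b in BRANDS for label in subdomain_labels):
        return "brand-in-subdomain"
    # Brand is embedded in a longer registered name.
    if any(b in name for b in BRANDS):
        return "brand-in-domain"
    # Registered name is one edit away from a brand.
    if any(edit_distance(name, b) <= 1 for b in BRANDS):
        return "misspelling"
    return "unrelated"

if __name__ == "__main__":
    for sample in ("https://twitter.com/login", "http://twitter.login-access.com/",
                   "beboaccess.com", "twiter.com"):
        print(sample, "->", classify(sample))
```

Only the registrable domain decides who controls a page; anything to its left is chosen freely by whoever registered it.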
As Symantec notes, if you've fallen for this scam, change your password at the real twitter.com before your account is used to scam others.
Twitter has a note about this on its site warning users about the scams going around. Unfortunately, the warning is only displayed *after* users log into their account. To be fair, there is also a warning on the official Twitter blog.
I have a feeling we'll start seeing phishers adding Twitter to their stable of targets in 2009. That's unfortunate, because it almost certainly means we'll be hearing the term "twishing" being bandied about this year.
January 5, 2009; 11:32 AM ET