
Phishers Now Twittering Their Scams

Phishers are trying to trick Twitter users into forking over their user names and passwords by sending tweets that direct users to fake Twitter login pages, security experts warn.

Update, 7:31 p.m. ET: Twitter now says that in an unrelated incident, the Twitter accounts for president-elect Barack Obama and 33 other notables were compromised by an individual who hacked into some of the tools the company's support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember it or get stuck. More on that incident from a new post on the Twitter blog.

Original post:

Blogger Chris Pirillo spotted the Twitter phishes on Jan. 3, after receiving a tweet that asked him to log in at a counterfeit Twitter site called "twitter.login-access.com" (it's probably best to avoid visiting this site, which is still active as of this writing).

Suspecting that access-logins might be a domain used by phishers to scam any number of popular online brands, I ran a reverse lookup on the Web site name. While that domain appears tied to just this one scam, the Internet address tied to that domain - an address in China - is currently home to a number of other phishy domains that include misspellings of popular social networking sites, such as:

beboaccess.com (currently points to a Facebook phishing page)
bebog.com
blackplanats.com
blackplenats.com
fanebook.com
friendister.com
ifaceibook.com
mylyearbook.com
myyearsbcok.com
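The two tricks on display above are worth naming: the Pirillo phish puts the brand in a subdomain of a registrable domain the attacker owns (twitter.login-access.com), while the co-hosted domains are small misspellings of a brand or the brand with extra text glued on. The following script is an added example, not code from the post or from Twitter, that flags hostnames of both kinds. The brand list and the assumption that the TLD is a single label (.com, .net) are mine; the reverse-IP step that produced the list above needs live DNS or passive-DNS data and is not reproduced here.

```python
"""Flag brand look-alike hostnames (added example; heuristics are the editor's).

Constructed inputs: BRANDS is a hand-picked list of the social networks named
in the post; SAMPLE_HOSTS are the domains the post lists plus two real ones.
"""
from __future__ import annotations

# Left-most label of each legitimate site (constructed list, not authoritative).
BRANDS = ("twitter", "facebook", "bebo", "blackplanet", "friendster", "myyearbook")

# Domains taken from the post, plus two legitimate hosts as negative controls.
SAMPLE_HOSTS = (
    "twitter.login-access.com", "beboaccess.com", "bebog.com", "blackplanats.com",
    "blackplenats.com", "fanebook.com", "friendister.com", "ifaceibook.com",
    "mylyearbook.com", "myyearsbcok.com", "www.twitter.com", "facebook.com",
)


def registrable_domain(hostname: str) -> str:
    """Last two labels, e.g. 'login-access.com'.

    Assumption: one-label TLDs only. Real code would consult the Public Suffix
    List so that 'twitter.co.uk'-style names are split correctly.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def max_edits(brand: str) -> int:
    """Tolerance grows with brand length: 1 for 'bebo', 2 for 'twitter', 3 for 'blackplanet'."""
    return 1 + len(brand) // 5


def classify(hostname: str) -> tuple[str, str] | None:
    """Return (reason, brand) for a look-alike hostname, or None if it looks clean.

    Reasons:
      brand-as-subdomain  brand label left of an unrelated registrable domain
      typosquat           second-level label within max_edits() of a brand
      brand-plus-suffix   brand label embedded in a longer second-level label
    """
    host = hostname.lower().rstrip(".")
    labels = host.split(".")
    sld = registrable_domain(host).split(".")[0]  # e.g. "login-access"

    # 1. The brand appears as a subdomain of somebody else's domain.
    if sld not in BRANDS:
        for label in labels[:-2]:
            if label in BRANDS:
                return ("brand-as-subdomain", label)

    if sld in BRANDS:
        return None  # the genuine second-level label

    # 2. A few edits away from a brand (transposition, substitution, insertion).
    for brand in BRANDS:
        if levenshtein(sld, brand) <= max_edits(brand):
            return ("typosquat", brand)

    # 3. The brand with extra text bolted on (beboaccess, twitterlogin, ...).
    for brand in BRANDS:
        if len(sld) > len(brand) and brand in sld:
            return ("brand-plus-suffix", brand)
    return None


def scan(hostnames=SAMPLE_HOSTS) -> dict[str, tuple[str, str]]:
    """Map each flagged hostname to its (reason, brand); clean hosts are omitted."""
    return {h: r for h in hostnames if (r := classify(h)) is not None}


if __name__ == "__main__":
    for host, (reason, brand) in scan().items():
        print(f"{host:28} {reason:20} -> {brand}")
```

Run as-is it flags all ten domains from the post and leaves www.twitter.com and facebook.com alone. The edit-distance tolerance is deliberately tight for short brands: one edit from "bebo" catches bebog.com, but a tolerance of two would start flagging unrelated four-letter names.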

As Symantec notes, if you've fallen for this scam, change your password at the real twitter.com before your account is used to scam others.

Twitter has a note about this on its site warning users about the scams going around. Unfortunately, the warning is only displayed *after* users log into their account. To be fair, there is also a warning on the official Twitter blog.

I have a feeling we'll start seeing phishers adding Twitter to their stable of targets in 2009. That's unfortunate, because it almost certainly means we'll be hearing the term "twishing" being bandied about this year.

By Brian Krebs  |  January 5, 2009; 11:32 AM ET
Categories:  Fraud , Latest Warnings , Safety Tips , Web Fraud 2.0  

Comments

twishing? Nice. Thanks!

Posted by: tuzoner | January 5, 2009 12:45 PM | Report abuse

Brian, can you tell us what programs you recommend using on a regular basis? Right now I have Norton and Spybot S&D, but they both take up a load of RAM, and if it's worth it I don't mind, but if there is better, I'd rather switch. I remember a few years ago you had a list of what you found to be the best for protection; can you do so again?

Posted by: mdsails | January 5, 2009 2:20 PM | Report abuse

Seems like a lot of technological effort to build fake log-in pages, etc, when the goal is to steal Twitter account log-in data ... where's the financial incentive? What "profit" could a phisher reap with somebody's Twitter data, other than anonymously annoying the real account holder?

Posted by: landfill | January 5, 2009 4:30 PM | Report abuse

@Landfill -- Scammers and spammers like to steal credentials for these social networking accounts because they're ideal for spreading malware. Just look at the Koobface worm and other social networking scourges. Message arrives from your "friend" that you should watch some video, and video at included link prompts you to update your Flash player in order to view it, and not wanting to miss what's going on with your friends, you "update" your Flash player with the supplied .exe file, and bam! -- your machine is infected with whatever the scammers want to install.

Posted by: BTKrebs | January 5, 2009 5:19 PM | Report abuse

Ah, so basically I was right. Phishers aren't stealing anything immediately valuable (like credit card/bank data) when they steal social networking logins, they are stealing access to a downstream step that may or may not spread malware. Stealing these logins is similar to e-mail address harvesting. Ultimately, when a person receives purely random spam or a loaded message from a compromised social networking site, if he/she is foolish enough to click the embedded link and then further foolish enough to permit the inevitable resulting request for a "software install", he/she deserves what he/she gets. It still absolutely slays me that social networking sites exist at all, and that people knowingly and voluntarily publish so much accurate and sensitive personal data about themselves for worldwide consumption (and abuse)... Charles Darwin came up with a succinct way of describing this situation.

Posted by: landfill | January 6, 2009 8:39 AM | Report abuse

© 2010 The Washington Post Company