TwitterJacking - Phishing of Twitter accounts
A direct message in my inbox showing a phishing message. It is not the fault of the sender; it is because his account is compromised.
A phishing attack on Twitter has claimed several high-profile victims including a British cabinet minister and a bank. Ed Miliband, the U.K.'s Secretary for Energy and Climate Change, on Friday found his Twitter account sending out spam tweets promoting sexual enhancement products.
U.K.-based security company Sophos says that Miliband appears to have been duped into revealing his login and account details by a series of attacks identified earlier this week.
The attack relies on the phrases "This You????" or "LOL this is funny" to get Twitter users to click on phishing links. Those links take victims to a look-alike Twitter login page that turns entered information over to the cybercriminals behind the campaign.
Anatomy of the Scam
Generally a phishing attack against Twitter users breaks down to a three-part process. First, accounts compromised in the manner described above send out messages to all accounts following them.
Second, accounts that are newly compromised send out more messages. Third, the scammers behind the phishing attack make an attempt at monetization by sending out spam links instead of links to a fake login page. We fight phishing scams by detecting affected accounts and resetting passwords. However, it's better to stop them before they start.
If you want to know what phishing is, see the Wikipedia article on Phishing.
What Twitter Says
Twitter issued a warning on its blog. It reads: Over the past few days, Twitter has been helping folks victimized by a phishing attack. Phishing is a deceitful process by which an attempt is made to acquire sensitive information such as Twitter usernames and passwords. The bad guys masquerade as someone you trust and may send you a Direct Message (DM) with a link. This DM may say something along the lines of, "LOL that you??" followed by a link to a fake Twitter login page. If you enter your credentials on that fraudulent page, the phishers can sign in as you and trick more people.
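The lure phrases and the look-alike login link described above can be checked mechanically before anyone clicks. The following is an added example, not code from Twitter or Sophos; it assumes twitter.com is the only host that should ever receive Twitter credentials, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Lure phrases quoted on this page, stored in normalised form.
LURES = ("this you", "lol this is funny", "lol that you")
# Assumption: the only host that should ever ask for Twitter credentials.
TRUSTED = "twitter.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def normalise(text):
    """Lower-case and collapse punctuation so 'This You????' becomes 'this you'."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def is_trusted_host(host):
    """True only for twitter.com itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)


def assess_dm(text):
    """Return the reasons a direct message resembles this phishing campaign."""
    reasons = []
    urls = URL_RE.findall(text)
    # Match lures on whole words only, with the links themselves removed.
    plain = " " + normalise(URL_RE.sub(" ", text)) + " "
    has_lure = any(" " + lure + " " in plain for lure in LURES)
    for url in urls:
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL: treat the host as unknown
            host = ""
        if is_trusted_host(host):
            continue
        if has_lure:
            reasons.append("lure phrase with off-site link: " + host)
        # Brand name in the host, path or userinfo of a non-Twitter URL.
        if "twitter" in url.lower():
            reasons.append("Twitter name on untrusted host: " + host)
    return reasons


if __name__ == "__main__":
    # Constructed sample message using a reserved example domain.
    print(assess_dm("This You???? http://twitter.login.example/session"))
```

The check is on the parsed hostname, so a URL that only places "twitter.com" before an `@` or as a leading label of another domain is still reported.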
To learn more about how to keep your Twitter account safe -> A Twitter link
So folks, safe tweeting.