A phishing attack apparently originating from China has hit Twitter users all over the world, as genuine accounts on the popular microblogging website are being sought by criminals to roll out spamming campaigns that involve LOLs.
Variants of "lol , this is funny." and "Lol. this you??" followed by a phishing link that redirects to a fake Twitter login page hosted in China by BZPharma.net have been reported to Twitter and various security companies.
Once the customer details have been entered, the phishers redirect the victim to another fake page, which says that Twitter has reached its maximum capacity and displays a "whale".
Graham Cluley, senior technology consultant at Sophos, argues that "the messages are being shared more widely because of third-party services like GroupTweet which extend the standard Twitter direct message functionality and allow private messages to be sent to multiple users, and optionally made public".
The messages have apparently been sent by direct message only, which requires an additional level of trust that normal retweets don't have. This, in theory, could make the phishing attack even more lethal.
Obviously, the hacked accounts were also used to spread the links in the public feed streams, and the group behind the BZPharma.net campaign wants to sell a herbal-based alternative to Viagra.
After more than a decade of deception from hackers, spammers, scammers and the like, internet users must have learnt how fraught with dangers the internet is. Once bitten, twice shy; let's hope that millions will have learnt this lesson.