Twitter Hit By Yet Another Phishing Attack

Twitter is the latest social networking platform to fall victim to a sophisticated phishing attack, which has resulted in several Twitter accounts being hacked and controlled by automated software that is sending links to malicious websites selling fake pharmaceuticals.

According to several security experts, some users of the micro-blogging site are receiving Tweets entitled 'Is this you?' that contain a link leading to a dummy Twitter page, which by the looks of it has been prepared on Blogspot.

When users enter their Twitter credentials, they are redirected to a China-based server that hosts many domain names that use spam to promote fake pharmaceuticals.

Explaining the complexity and functionality of the phishing attack, Graham Cluley, senior consultant at Sophos, said in a statement, “In fact, they can automatically post the phishing message from your account as soon as you hand over your details.”

He also added that if anyone receives Tweets headed 'Is this you?', it means that their account has been compromised by cyber criminals.

Meanwhile, Twitter representatives released a statement which said that security experts were investigating the attack in order to eradicate it and advised users to change their passwords.

Our Comments

News of a large-scale phishing attack emerged when it was revealed a few days ago that the Twitter accounts of several prominent members of Parliament had been compromised. Many of the links use URL shorteners like Bit.ly or TinyURL, which hide the final destination.
