Twitter in Phishing Scam

Twitter is being used in a phishing scam to obtain your login credentials: a fake login site under a different domain tries to trick you into filling in your username and password. The scammers are using direct messages to do this, and supposedly use tricked accounts to widen their scam. Read the Twitter blog post for more.

Always make sure that you sign in on twitter.com! That way you’ll know that you’re not sending your login credentials through an unknown party. You might even want to take it one step further and just not click any links in the notification emails that tell you you’ve got a DM. Just go to twitter.com instead, and click the DM link in the right column and you’ll be in the clear.
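The "make sure you are on twitter.com" check can also be done mechanically on links in a notification email. The sketch below is an added example, not part of the original post; it assumes sign-in should only happen over https on twitter.com or one of its subdomains, and the sample message and its `.example` link are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: twitter.com (and its subdomains) is the only
# place credentials should be entered, as the post advises.
TRUSTED_DOMAIN = "twitter.com"

def is_trusted_login_url(url, trusted=TRUSTED_DOMAIN):
    """True only for an https URL whose host is the trusted domain or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any "user@" prefix and the port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".").lower()
    # Non-ASCII or punycode hosts can render like the real name; treat as untrusted.
    if not host.isascii() or "xn--" in host:
        return False
    # Compare on a label boundary so "nottwitter.com" and
    # "twitter.com.something.example" do not pass.
    return host == trusted or host.endswith("." + trusted)

def suspicious_links(message_text):
    """Return the links in a message body that do not point at the trusted domain."""
    urls = re.findall(r"https?://[^\s<>\"']+", message_text)
    return [u for u in urls if not is_trusted_login_url(u)]

# Constructed sample of a DM notification email body (not a real message).
SAMPLE_NOTIFICATION = (
    "hey! check out this funny blog about you... "
    "https://twitter.com.blog-about-you.example/login\n"
    "Reply on the web at https://twitter.com/direct_messages\n"
)

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_NOTIFICATION):
        print("do not sign in here:", link)
```

The comparison is on the parsed hostname rather than on the URL string, which is why a link that merely contains "twitter.com" somewhere in it is still flagged.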

Comments

  1. says

    While they might neutralize one particular source URL (the one screenshotted in their blog post, presumably), there is nothing stopping phishers using another one. That is, until Twitter notices it and blocks that URL too. It will be an on-going battle with the bad guys, and it will never be old news because of that. ;)

    You don’t neutralize threats like this, you temporarily block them. That’s the flip side of having an API.

  2. says

    It looks as though this particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email said, “hey! check out this funny blog about you…” and then provided a link. That link redirected to a site masquerading as the Twitter front page.
