Twitter in Phishing Scam
Twitter is being used in a phishing scam to obtain your login credentials: a fake login site under a different domain tries to trick you into filling in your username and password. The scammers are using direct messages to do this, and supposedly use already-tricked accounts to widen their scam. Read the Twitter blog post for more.
Always make sure that you sign in on twitter.com! That way you’ll know that you’re not sending your login credentials through an unknown party. You might even want to take it one step further and just not click any links in the notification emails that tell you you’ve got a DM. Just go to twitter.com instead, and click the DM link in the right column and you’ll be in the clear.
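The "make sure it is really twitter.com" check, written out as an added example (not code from this post or from Twitter): it compares the parsed hostname exactly instead of searching the link text for "twitter.com". The trusted-host list, the https requirement and the sample links are assumptions constructed for illustration.

```javascript
// Added example: decide whether a link leads to Twitter's own sign-in host.
// TRUSTED_HOSTS is an assumption; the post itself names only twitter.com.
const TRUSTED_HOSTS = new Set(["twitter.com", "www.twitter.com"]);

function checkLoginLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: lowercases the host, converts IDN to punycode
  } catch (err) {
    return { trusted: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not https" };
  }
  // "https://twitter.com@other.example/" puts twitter.com in the userinfo part;
  // the host that actually receives the request is other.example.
  if (url.username || url.password) {
    return { trusted: false, reason: "userinfo before host" };
  }
  const host = url.hostname;
  // Punycode labels can render as look-alike characters in a mail client.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode label in host" };
  }
  // Exact match only: "twitter.com.login.example" contains the string
  // "twitter.com" but belongs to whoever registered login.example.
  if (!TRUSTED_HOSTS.has(host)) {
    return { trusted: false, reason: "host is " + host };
  }
  return { trusted: true, reason: "exact match for " + host };
}

// Constructed sample links (reserved .example names, not real indicators).
const SAMPLE_LINKS = [
  "https://twitter.com/login",
  "https://TWITTER.com/login",
  "http://twitter.com/login",
  "https://twitter.com.login.example/",
  "https://twitter.com@login.example/",
  "https://login.example/twitter.com/",
];

for (const link of SAMPLE_LINKS) {
  const verdict = checkLoginLink(link);
  console.log((verdict.trusted ? "OK    " : "REJECT") + " " + link + " (" + verdict.reason + ")");
}
```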
Thord Daniel Hedengren is a designer, writer, and blogger, and also the former editor of The Blog Herald. He used to be a hotshot in the gaming industry in Sweden, but sold everything and went international. Most recently he wrote a book called Smashing WordPress: Beyond the Blog, and does loads of kickass design.
That’s old news. Twitter neutralized the threat over the weekend!
While they might neutralize one particular source URL (the one screenshotted in their blog post, presumably), there is nothing stopping phishers using another one. That is, until Twitter notices it and blocks that URL too. It will be an on-going battle with the bad guys, and it will never be old news because of that. ;)
You don’t neutralize threats like this, you temporarily block them. That’s the flip side of having an API.
It looks as though this particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email said, “hey! check out this funny blog about you…” and then provided a link. That link redirected to a site masquerading as the Twitter front page.