IDG News Service - Twitter warned users Tuesday of a new phishing scam on the social networking site.
It's the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords.
"We've seen a few phishing attempts today, if you've received a strange DM and it takes you to a Twitter login page, don't do it!," Twitter wrote on its Spam message page.
The message reads, "hi. this you on here?" and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims enter an empty blogspot page belonging to someone named NetMeg99.
Neither of these pages appears to include any type of attack code, but both should be considered untrustworthy, according to Sophos Technology Consultant Graham Cluley. "It seems like this was a straightforward phishing campaign, rather than an attempt -- at this stage at least -- to spread virally," he said via email.
Victims get these direct messages only from people they follow on Twitter, so they seem more believable than other types of spam. Once a user has been phished by the attack, the criminals are then able to direct message all of the victim's contacts with the phishing spam.
"These sort of things have been happening for over a year on Twitter," Cluley said in an interview.
Hacked Twitter accounts are a great launching pad for more attacks, Cluley said. "We don't know precisely what they're going to do in this case, but often they will send spam messages to advertise a particular site."
Because about a third of users have the same passwords for all of their online activity, criminals can also use the same log-in information to try to get into other Web services such as Gmail or Yahoo, Cluley said.
"If you've fallen for one of these traps, don't just change your Twitter password; change your password on every Web site you use," Cluley siad. "Use non-dictionary words and use something that's hard to guess."
The Twitter attack comes as Facebook users are also under siege. Security researchers say that a spam botnet is has sent out hundreds of thousands of fake password reset messages. When victims try to open an attachment that supposedly contains their new password, they end up running a Trojan horse program, called Bredolab, that then installs unwanted software on their PCs.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!