Britain all atweet over Twitter phishing attack
IDG News Service - The latest phishing attack on Twitter users swept the U.K. overnight claiming several prominent users.
The result was evident on Friday morning when users woke up to find messages on compromised accounts that read, "hey, i've been having better sex and longer with this here," followed by a link to a Web site selling sexual-performance drugs.
Although the number of people affected is difficult to determine, it made top news on the country's TV networks and news sites perhaps in part because of those affected. They include at least one member of Parliament and several journalists.
Ed Miliband, a British Cabinet member and the country's secretary for energy and climate change, tweeted on Friday morning, "Oh dear it seems like I've fallen victim to twitter's latest 'phishing' scam." The tweet had been removed from his Twitter stream.
Another of those who saw his account hacked was Matt Wells, head of audio at The Guardian newspaper, who tweeted, "Good morning. I am neither female, nor have I been having better sex lately. (Although if there are any offers...). First-time Twitterhacked." The offending tweet was still available on his page at time of writing.
Other reports said BBC correspondent Nick Higham and the country's Press Complaints Commission were also hit.
While some of the accounts are believed to have been hacked by software programs looking for weak passwords, at least some were through Twitter direct messages that tried to entice users to click through to see a message from a young, attractive woman. Upon clicking the link users were taken to a look-a-like Twitter log-in page where they were asked to enter their username and password.
Twitter posted a message to its Twitter Safety channel late Thursday local time warning users to beware of direct messages. "If you get a DM from an enthusiastic lady wanting to converse by IM, please ignore. User is likely compromised & request is spam."
The phishing attack mirrors a similar one a week earlier that saw messages asking "LOL this you?" sent to users.
It's the kind of thing that will persist on social networking services, said Graham Cluley, senior technology consultant at security company Sophos.
"The fact is that social networking accounts have a financial value," he said. "They can be used as a springboard for sending out more spam, malware or selling things."
Users on sites like Twitter and Facebook tend to feel safer when using the sites than others on the wider Internet but should be every bit as aware, he said. Messages received through the sites don't necessarily come from friends, but could be from anyone with access to the account.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts