Phishers target Twitter users yet again

by CXOtoday Staff    Feb 26, 2010

IT security and data protection firm, Sophos, is warning about the latest wave of cyber crime spreading across Twitter - a phishing attack designed to steal login details and hijack accounts.

Messages asking "This you????", followed by a link to a bogus Twitter login page, have caused such a scare on the micro-blogging network that the phrase is currently a hot trending topic on the site. The "This you????" messages are accompanied by clickable links which take unsuspecting users to a fake Twitter login page. Users, who are tricked into believing they might see a picture or information about themselves, may enter their username and password without thinking about the possible consequences.

The attack, which is the latest in a storm of phishing attacks that have occurred on Twitter since the weekend, is designed to steal passwords and could use hijacked accounts to spread money-making spam campaigns, steal identities, and distribute malware.

"Twitter users have been battered with phishing attacks in the last few days, all taking advantage of people’s curiousity," said Graham Cluley, Senior Technology Consultant at Sophos. "But if you click on the link and enter your details you could be taking your online identity and handing it over on a plate to hackers. They can then take your username, email address and password and not only use it to spread more attacks via Twitter - they can also try your credentials at many other websites - potentially opening your other online accounts to abuse. Anyone hit by this kind of attacks must change their passwords immediately."