As Twitter gains momentum there are more and more attacks on it, it’s users and the most recent is a phishing scam via DM (Direct Message).
It was uncovered recently that it was being used as a Botnet Control Channel, shortly before that it was subjected to a DoS attack.
This isn’t the first time DMs have been used in a Phishing attack too.
Phishers are targeting Twitter users in a new attack involving direct messages sent to Twitter users containing a link to a site requesting user log-ins.
There are reports of a new phishing scam making the rounds on Twitter. The attack seeks to steal user credentials by sending tweets out with links to a phishing site. The attack site requests the user’s log-in information; once the attackers have that, they can take over the account of the victim and use it to send out more messages.
According to messages from Twitter users, the tweets with the link to the phishing site have to do with the sender supposedly making a certain amount of money. Such periodic phishing attacks on users of the popular microblogging service have become a fact of life.
I’m not exactly sure why anyone would want to steal a bunch of Twitter accounts? Perhaps to monetize them somehow with spam/affiliate schemes.
But the current threat on Twitter is a phishing scam executed via DM with a link to various things including ways to make money, a video of you or some other juicy gossip.
The cornerstones of social engineering in phishing attacks.
In May, researchers at Sophos reported that a number of Twitter users were lured to a phishing site via a tweet with the message: “check this guy out [tinyurl address leading to the attack site].” As was the case in that instance, URL shortening services are increasingly being abused by attackers to mask the Websites they are sending their victims to.
Besides drawing attackers as it has grown, Twitter has also gotten the interest of security researchers, as shown by the “Month of the Twitter Bugs.”
Twitter warned users about the attack, stating in a message: “A bit o’ phishing going on—if you get a weird direct message, don’t click on it and certainly don’t give your log-in creds!”
If you are using Twitter you should follow @spam and keep up to date with what is happening on the network.
Source: eWeek
No comments:
Post a Comment