Phishing Scams Move From Facebook to Twitter
We've seen phishing scams on Twitter before, but more attacks have recently been focused on Facebook and its massive user base. Now, though, scam artists are turning their focus full force to the microblogging service in a concerted effort to hijack accounts and spread spam.
The first part of the scam involves fake accounts (usually displaying images of attractive women) that follow tweeters. Clicking through links in the spam account lead users to a fake Twitter login page feautring the URL Tvviter.com, intended to pass for Twitter.com at a quick glance. After collecting a users' usernames and passwords, the phishers pass them back to Twitter where the duped tweeters find a host of new attractive women following them. Clicking through to links on those accounts lead users to X-rated dating sites that are undoubtedly paying the phishers for the traffic.
The scam doesn't end there, though. The attackers then hijack the compromised accounts and send out tweets reading that "there is this funny blog going around" and featuring a shortened link. Following the link leads followers of the hacked tweeter to the same fake Twitter login page, where the cycle begins again.
Twitter has been quick to clean out the spam messages and shut down the offending accounts, but traces of it can still be found. (We were followed this morning by one of the hijacked accounts, offering $5 acai berry supplements.)
As always, the cautious Web user can avoid most of these traps. Always double check the address bar before entering your password, don't click on suspicious links, and be sure to use a service like LongURL, or its Firefox add-on, to double check shortened URLs before clicking them. [From: NY Times]
Add your comments