If someone appears on highbrow TV history programmes, do you trust what they say on social media? Do you believe everything that gets posted on a politician’s Twitter account?
I would hope you don’t. And maybe the following news will make you remain rightly cautious.
Firstly, if you have received a direct message from another Twitter user saying something like the following:
I figured I’d show you this… [LINK]
There’s something about you that you need to read… [LINK]
then don’t click the link!
According to researcher Janne Ahlberg, phishers are up to their old tricks again – attempting to steal the passwords of Twitter users.
If you have received a message like one of those listed above from one of your Twitter contacts then chances are that their account has been hijacked, and they didn’t send the message themselves.
If you click on the link you will be taken, via a number of redirects that hide the final destination from anyone glancing at the link, to a bogus Twitter login page designed to phish your username and password.
The fake Twitter login page is hosted on a site called bdatex.com (I don’t recommend you visit it), and is still being used in the phishing campaign.
Janne says that he has reported the phishing activity to Twitter and a number of security companies, but he told me that protection so far is unsatisfactory:
“I don’t know why the security companies/entities do not block the whole domain. Blocking individual URLs does not help with sites like this.”
One security firm which did respond quite quickly was McAfee (soon to be known as Intel Security), after it was discovered that the attackers were abusing the McAfee Secure Short URL service in some of the attacks.
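Janne’s point about blocking domains rather than individual URLs, and the redirect chain mentioned above, are easy to see in code. The following is an added example, not something from the article or from Janne’s research: it simulates a redirect chain ending on the phishing host named above (bdatex.com) and compares a URL-level blocklist with a domain-level one. The shortener and intermediate hosts, the paths, and the blocklist entries are all constructed for the demo; nothing is fetched from the network.

```python
"""Added example (not from the original article): why an exact-URL blocklist
is weaker than a domain-level blocklist once a phishing kit sits behind a
chain of redirects and rotates its landing paths.

All URLs, redirect hops and blocklist entries below are constructed for the
demo. Only bdatex.com comes from the article; every other host is hypothetical."""
from urllib.parse import urlsplit

# Constructed stand-in for the hops a victim follows after clicking a DM link:
# shortener -> intermediate redirector -> phishing page on bdatex.com.
REDIRECTS = {
    "http://short.example/abc123": "http://redir.example/go?id=7",
    "http://redir.example/go?id=7": "http://login.bdatex.com/twitter/login.php?u=1",
    "http://short.example/zz9": "http://bdatex.com/tw/session.php?u=2",
}

# Constructed blocklists: the URL list holds only the one page that was
# reported, the domain list holds the phishing host itself.
BLOCKED_URLS = {"http://bdatex.com/tw/login.php?u=1"}
BLOCKED_DOMAINS = {"bdatex.com"}


def resolve_chain(url, redirects=REDIRECTS, max_hops=10):
    """Follow the simulated redirect map until no further hop exists.
    Returns every URL visited; the last entry is the landing page.
    Raises ValueError on a loop or an unreasonably long chain."""
    chain = [url]
    while chain[-1] in redirects:
        if len(chain) > max_hops:
            raise ValueError("redirect loop or chain too long")
        chain.append(redirects[chain[-1]])
    return chain


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def url_blocked(url, blocked_urls=BLOCKED_URLS):
    """URL-level block: exact match only, which is all a per-URL report gives."""
    return url in blocked_urls


def domain_blocked(url, blocked_domains=BLOCKED_DOMAINS):
    """Domain-level block: the host is a blocked domain or a subdomain of one."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in blocked_domains)


def classify(url, blocked_urls=BLOCKED_URLS, blocked_domains=BLOCKED_DOMAINS):
    """Resolve the chain and report whether either list would have stopped
    the click at any hop, not just at the first link the user sees."""
    chain = resolve_chain(url)
    return {
        "landing": chain[-1],
        "url_list_catches": any(url_blocked(u, blocked_urls) for u in chain),
        "domain_list_catches": any(domain_blocked(u, blocked_domains) for u in chain),
    }


if __name__ == "__main__":
    for link in ("http://short.example/abc123", "http://short.example/zz9",
                 "http://bdatex.com/tw/login.php?u=1", "http://example.org/"):
        print(link, "->", classify(link))
```

The two shortened links land on bdatex.com pages that differ from the reported one only in path or subdomain, so the exact-URL list misses both while the domain list catches both. Checking every hop rather than only the landing page also means a blocked intermediate redirector stops the chain early.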
So, once the bad guys have hijacked your Twitter account – what might they want to do with it?
Well, one obvious way to monetise a compromised Twitter account is to send spam via it. After all, people are more likely to follow links from someone they know on Twitter endorsing a product than a complete stranger.
If the Twitter account hijackers themselves aren’t interested in making money through spam, they have no qualms about selling details of the hacked accounts to the many people who are.
Most recently, a spate of diet spam has been sent from compromised Twitter accounts. Janne reports seeing an influx of Twitter diet spam yesterday (20-40 tweets a minute), with the links routed through a redirecting site called greek-sites.gr:
Fastest way to lose weight, burn fat and stop fat production [LINK]
And it’s quite likely that the owners of these accounts had their password details phished by a Direct Message spam campaign like the one described above.
Victims have included British TV historian Simon Schama, Jamie Reed MP (a Labour Shadow Minister for Health), and Stuart McMillan, a Scottish National Party politician.
Make sure that you are on the lookout for suspicious messages on Twitter, that you are not using the same password in multiple places, and consider enabling two-factor authentication (2FA), so that a phished password alone is not enough for someone else to access your account.
Thanks to Janne Ahlberg for his assistance with this article.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.