Phishing For TweetsPhishing For Tweets
A new phishing scam that targets Twitter users is a backhanded compliment to the messaging service.
January 5, 2009
A new phishing scam that targets Twitter users is a backhanded compliment to the messaging service.Twitter hit a new milestone this Saturday when the company posted a warning that phishers were targeting Twitter users. You know you've arrived when scammers decide your platform is big enough to be worth trying to spoof.
The scam relied on an e-mail message that claimed to come from Twitter. The message included a link to a false log-in page that would let the scammers capture the Twitter user's ID. The scammers could then use the ID to log on as a trusted Twitter user.
I'm guessing the next step for the scammers would be to send direct messages to other Twitter users, including a link that would download malware (keylogger, rootkit, etc.).
The blog post says it will reset the password of any Twitter user that may have logged into the fake site.
It's an interesting attack because it takes advantage of the trust between Twitter users. I know I click on links sent to me via other users all the time.
I'm not sure a phishing attack against the Twitteratti would be very successful. One the one hand, Twitter users are a fairly tech-savvy bunch, and might be wary of potential abuse.
On the other hand, the scammers used a potent bait: vanity! The scam message said something like "Hey, there's a funny post about you. Click this link!" I know I still get a thrill when I get an e-mail notification of a new follower, and could easily be tempted by such a message.
In any case, a snake has crept into the Twitter garden, and we'll all have to be on our guard.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Modernize your Security Operations with Human-Machine Intelligence
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
Defending Corporate Executives and VIPs from Cyberattacks