Twitter Hit By BZPharma LOL Phishing Attack

Twitter users are being warned not to click on messages saying, "lol, this is funny." Doing so can lead to their account details being stolen.A widespread attack hit Twitter this weekend, tricking users into logging into a fake Twitter page -- and thus handing their account details over to hackers.

Messages include:

"Lol. this is me??
lol , this is funny.
ha ha, u look funny on here
Lol. this you??"

followed by a link in the form of

" http://example.com/?rid=http://twitter.verify.bzpharma.net/login"

where "example.com" can vary. Clicking on the link redirects users to the second half of the link, where the fake login page is hosted.

As we have seen many variations of the URL in its entirety, you would be wise to avoid clicking on any links that, at the very least, refer to bzpharma.net.

The following video explains the problem in greater detail; additional information is available on the Sophos Website.

If you've fallen foul of this attack, then change your Twitter password immediately.

Much more information about the rise in cybercrime on social networks can be found in Sophos' Security Threat Report 2010.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his award-winning other blog on the Sophos website, you can find him on Twitter at @gcluley. Special to Dark Reading.