Twitter Hit By BZPharma LOL Phishing Attack
Twitter users are being warned not to click on messages saying, "lol, this is funny." Doing so can lead to their account details being stolen.
A widespread attack hit Twitter this weekend, tricking users into logging into a fake Twitter page -- and thus handing their account details over to hackers.
Messages include:
"Lol. this is me??
lol , this is funny.
ha ha, u look funny on here
Lol. this you??"
followed by a link in the form of
"http://example.com/?rid=http://twitter.verify.bzpharma.net/login"
where "example.com" can vary. Clicking on the link redirects users to the second half of the link, where the fake login page is hosted.
As we have seen many variations of the URL in its entirety, you would be wise to avoid clicking on any links that, at the very least, refer to bzpharma.net.
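The link pattern described above can be checked mechanically. The following is an added example, not code from the article or from Sophos: it unwraps URLs nested in query parameters (such as `rid=`) and flags any host under bzpharma.net or any host that carries a "twitter" label without belonging to twitter.com. The function names and the `BRAND_DOMAINS` mapping are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

BLOCKED_DOMAINS = {"bzpharma.net"}           # domain named in the article
BRAND_DOMAINS = {"twitter": "twitter.com"}   # assumed: brand label -> its real domain

def host_in(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def embedded_urls(url):
    """Yield url, then any absolute URLs nested in its query parameters."""
    yield url
    # parse_qsl percent-decodes values, so encoded redirect targets are caught too
    for _, value in parse_qsl(urlsplit(url).query):
        if value.lower().startswith(("http://", "https://")):
            yield from embedded_urls(value)

def check_link(url):
    """Return the reasons a link matches the lure pattern (empty list if none)."""
    reasons = []
    for i, candidate in enumerate(embedded_urls(url)):
        host = (urlsplit(candidate).hostname or "").rstrip(".")
        where = "redirect target" if i else "link"
        for domain in sorted(BLOCKED_DOMAINS):
            if host_in(host, domain):
                reasons.append(f"{where} {host} is under blocked domain {domain}")
        for label, real in sorted(BRAND_DOMAINS.items()):
            if label in host.split(".") and not host_in(host, real):
                reasons.append(f"{where} {host} uses '{label}' but is not {real}")
    return reasons

def scan_message(text):
    """Check every http(s) link in a message; return {link: reasons} for hits."""
    hits = {}
    for link in re.findall(r"https?://\S+", text):
        try:
            reasons = check_link(link)
        except ValueError:  # urlsplit rejects some malformed hosts
            reasons = ["link could not be parsed"]
        if reasons:
            hits[link] = reasons
    return hits

if __name__ == "__main__":
    # Constructed sample message modelled on the lure text quoted above
    msg = "lol , this is funny. http://example.com/?rid=http://twitter.verify.bzpharma.net/login"
    print(scan_message(msg))
```

Because the outer host ("example.com") varies, the check keys on the nested destination rather than on the first hop.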
The following video explains the problem in greater detail; additional information is available on the Sophos website.
If you've fallen foul of this attack, then change your Twitter password immediately.
Much more information about the rise in cybercrime on social networks can be found in Sophos' Security Threat Report 2010.
Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his award-winning other blog on the Sophos website, you can find him on Twitter at @gcluley. Special to Dark Reading.