Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Guest Blog // Selected Security Content Provided By Sophos
What's This?
06:17 AM
Graham Cluley
Graham Cluley
Security Insights

Twitter Users Hit By More Phishing Attacks

Thursday wasn't a good day for Twitter security: The site was rocked by two new phishing attacks that attempted to steal identities from a large number of users.

Thursday wasn't a good day for Twitter security: The site was rocked by two new phishing attacks that attempted to steal identities from a large number of users.The first I knew of it was when I found a message in my email early in the morning, telling me someone named "3XNJTVJG0SYIKDH (NinaOchoa)" was now following me on the microblogging site.

Not a very ordinary name, I thought. I did some investigating, and it turned out this person was following hundreds of other people and encouraging them to visit a link which -- via TinyURL -- resolved to www.tvviter.com.

Note, that's not twitter.com; the phishers were pointing to t-v-v-i-t-e-r instead. If you glanced quickly, then you might believe it was the real Twitter site that was asking you to re-enter your login information, rather than a phishing site stealing your credentials.

Here's a short video I made while the phishing sites were still up, demonstrating what the attack looked like:

A live Twitter phishing attack from SophosLabs on Vimeo.

It wasn't just the NinaOchoa account that hackers had set up to spread their phishing messages. We saw scores of other accounts, all telling you to, "Check this guy out..."

Twitter phishing accounts

Later in the day, another phishing attack broke out on Twitter that said, "there is this funny blog going around," and pointed -- once again -- to a fake Twitter login page.

Don't forget, when you suspect that someone on Twitter is a spammer or phisher, the best thing you can do is block him from following you, and report him by sending a direct message to @spam, Twitter's spam response team.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website you can find him on Twitter at @gcluley. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...