Twitter hit by multiple phishing campaigns

News by Dan Raywood

Micro-blogging site Twitter has been hit by phishing campaigns over the past couple of days.

Micro-blogging site Twitter has been hit by phishing campaigns over the past couple of days.


Initially spotted by Trend Micro, the first saw the introduction of the typo-squatting site ‘Tvviter' that aimed to catch out unaware users to sign in and allow hackers to steal login details.


Rik Ferguson, senior security advisor at Trend Micro, claimed that the site was directing users (through intermediate fake personal websites and using URL shortening services) to sites hosting ‘Adult Dating Services' by automatically adding followers to the compromised accounts.


Ferguson said: “If anyone is duped into handing over their account credentials, in addition to opening up their account to abuse, they will find that several new followers appear on their account.


“On following links to these profiles, their immediate purpose appears to be to redirect to adult dating sites, making the scammers money in the process through a pay-per-click affiliate scheme. The URLs concerned are under ongoing analysis for malicious content, please do not feel tempted to visit them, even out of curiosity.”


Ferguson later claimed that hundreds of compromised accounts are now being used to post messages directing people towards a second phishing site located in China. Here, compromised accounts are posting messages that say simply ‘there is this funny blog going around' or ‘hey check thiss out', accompanied by a shortened URL.


In an update, he claimed that Twitter had deleted all of the phishing posts in compromised accounts and reset the passwords, and at 00:36am GMT today a notification mail was sent out to all affected account holders.


Ferguson said: “Maybe the folks at Twitter should consider stopping counting URLs as a part of the 140 character limit imposed on posts, and make obfuscated URLs such as this the exception rather than the rule?”


Symantec also detected a phishing campaign, with Samir Patil claiming that a URL is provided to order a ‘Risk-Free Twitter Profit Software' kit that leads to a web-form that asks for personal information such as name, email and address. This is followed by another form asking for your credit card number, expiration date and security code. 

Patil also claimed that the Twitter dating site Datetwit is also being targeted with various recently registered spam domains used in the links that leads users to enter Twitter credentials to log into the dating site. In an attempt to hide from anti-spam filters, email messages are obfuscated with legitimate content.


Patil said: “With these attacks, spammers hope that they can lure recipients into action by hiding behind the reputation of a social networking brand that continues to grow in popularity. Please remain cautious of any unsolicited messages that are received from an unknown or untrusted source.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews