Twitter Under Phishing Attack

Twitter has alerted its users that many of them were targeted by a phishing attack over the weekend. You can read Twitter's full post (with updates) on its blog.

The phishing scam went like this:

Emails were sent to Twitter users that resembled the notification you get when someone sends you a Direct Message. The email claimed that a blog post had been written about the recipient and contained a link. The link led to a page that looked like the Twitter front page, complete with a login form.

It seems that quite a few Twitter users didn't realize they were not on the real Twitter front page and logged in anyway, handing their usernames and passwords to the phishers.

Once that happened, the second wave began: the compromised accounts were used to send DMs to their friends telling them to check out a link to a blog. Again these links led to a page that looked like the Twitter front page.
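The defence against both waves is the same: check where a link actually goes before typing a password into the page it opens. The following Python script is an added example, not code from the original post or from Twitter. It pulls links out of DM-style message text and classifies each one by its real host, catching the tricks a fake front page typically relies on: the Twitter name used as a subdomain of somebody else's domain, a `user@host` prefix that makes the browser connect to what follows the `@`, and punycode hosts. The legitimate-suffix list, the sample messages and every host in them are constructed for the example; the real phishing URLs from the attack are not reproduced here.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: anything under twitter.com is the real site.
LEGIT_SUFFIXES = ("twitter.com",)

# Crude link extractor for message text (constructed for the example).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_legit_host(host):
    """True only for twitter.com itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)


def classify_url(url):
    """Return (verdict, reason) where verdict is 'ok', 'lookalike' or 'suspicious'."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return ("suspicious", "non-http scheme %r" % parts.scheme)
    host = parts.hostname or ""
    # http://twitter.com@203.0.113.7/ : the part before '@' is a username;
    # the browser actually connects to the host after it.
    if parts.username is not None:
        return ("suspicious", "userinfo before real host %r" % host)
    if is_legit_host(host):
        return ("ok", host)
    # Internationalised domain names are encoded as xn-- labels and can
    # render as a visual twin of the real name.
    if host.startswith("xn--") or ".xn--" in host:
        return ("suspicious", "punycode host %r" % host)
    # The real name used as a subdomain of somebody else's domain.
    if "twitter" in host:
        return ("lookalike", "host %r is not under twitter.com" % host)
    return ("suspicious", "host %r is not twitter.com" % host)


def scan_messages(messages):
    """Classify every link found in a list of message strings."""
    findings = []
    for msg in messages:
        for url in URL_RE.findall(msg):
            verdict, reason = classify_url(url)
            findings.append((url, verdict, reason))
    return findings


# Constructed sample DMs; the hosts are example/documentation addresses,
# not the URLs used in the actual attack.
SAMPLE_MESSAGES = [
    "hey, someone wrote a blog post about you: http://twitter.com.example.net/login",
    "check this out http://twitter.com@203.0.113.7/",
    "new direct message: https://twitter.com/direct_messages",
    "i won an iphone! come see how: http://xn--twtter-x1a.example/",
]

if __name__ == "__main__":
    for url, verdict, reason in scan_messages(SAMPLE_MESSAGES):
        print("%-10s %s (%s)" % (verdict, url, reason))
```

The check deliberately works on the parsed hostname rather than on whether the string contains "twitter.com", because that substring appears in all three of the bad links above. A verdict of `ok` still only means the host is right; it says nothing about whether the page itself has been tampered with.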

It seems that the attack didn't have much more of an agenda than to cause trouble, as so far the only reports are of the stolen credentials being used to keep the scam going. Nonetheless, many Twitter accounts seem to have been compromised (I've had 20+ DMs from legitimate Twitter users in the last 12 hours).

Twitter has acted pretty quickly: it has reset the passwords on compromised accounts and reported the URLs concerned to OpenDNS's and Google's phishing lists. I just visited the page and Firefox warned me of the danger.

If you're trying to log in to Twitter and your password has been reset by Twitter, you can reset it here.

Update: it seems that the phishers are now using the compromised accounts to send DMs inviting people to visit an iPhone site. While Twitter says it has changed those people's passwords, I'm still getting quite a few of these DMs. Looks like this phishing thing still has legs!

Comments

  • January 5, 2009

    Thanks for letting us all know about this, Darren!! I got a message similar which may be phishing, but not sure..

    Thanks,
    Shane

  • January 5, 2009

    So far, I have been fortunate. I have not (yet) seen a single phishing DM on my Twitter account. Hopefully Twitter gets this thing locked down soon. Best thing to do is to CHANGE YOUR PASSWORD. I did that yesterday when the phishing scam first broke.

  • January 5, 2009

    Thanks for this news. I was wondering about this as I have received a DM from just one Twitter follower as described above. I remember skimming over a tweet about twitter and phishing about 10hrs prior so my antenna stuck up when I got it.

    Appreciate the post Darren. It clears it up for me. Cheers.

  • January 5, 2009

    I’m not using twitter a lot, but I’m not surprised considering its popularity.

  • January 5, 2009

    Given the number of 3rd party webpages that request twitter id & pswd, it’s amazing we’ve not seen a phishing scam like this sooner. I’d bet this has and will continue to be a huge concern for those @ Twitter

  • January 5, 2009

    Thanks for the heads up, Darren. That explains a couple of odd DMs I got this morning. Constant vigilance remains the order of the day, I guess.

  • January 5, 2009

    I have seen a few already but Firefox so far has put up the big red phishing warning when I visit the sites.

  • January 5, 2009

    The weird part is this entire Twitter phishing attack is very reminiscent of a Facebook scam.

  • January 5, 2009

    Apparently you need to be more careful than just changing your password. Someone who has your password can still get into your account AFTER you’ve changed the password for it:
    http://brianshaler.com/blog/2008/11/23/twitter-security-issue/

  • January 5, 2009
    Brian Ashenfelter
    @bashen

    Only gotten a few DMs so far. I’m curious: Does anyone know how they got the e-mail addresses of the Twitter users to send the initial e-mails? Was it just a typical phishing attack where they try a bunch of random e-mail addresses hoping some of them will be Twitter users?

  • January 5, 2009

    People should never take the stuff serious.

  • January 5, 2009

    Hey, but what if you meet this situation?

    Twitter's solution to re-take control over the user's own accounts is to reset the password. But what if the scammer has already changed the email address in the personal profile and he will get the reset link instead of the genuine owner? Isn't there any other method? I doubt scammers didn't think about this and the first thing they did on the hacked account was to change the email address.

    I'm really curious how this situation can be avoided.

  • January 5, 2009

    I wondered what all the buzz was about. I was afraid to open any links at all on Twitter. Nice to know it wasn't such a big deal. My Twitter peeps were sending out all kinds of "avoid all direct messages" Tweets. :) There are always a couple of sour apples that spoil the entire bushel.

    blessings,
    Wendy

  • January 5, 2009

    I haven’t received one of the dreaded DM’s yet — maybe I’m just not that popular ;-)

    Anyway, I never participate in Twitter add-ons and related pages that require me to enter my password. It would be like giving somebody a blank check.

    Always be leery of any site that requires your password! Double-check the URL and your motives for using the page. You can’t be too cautious!

  • January 5, 2009

    I didn’t get any DM’s, but I did notice a lot of fake follow notices. Mostly from well known marketers with underscores in their names eg: __Derek__Ghel. Derek followed me using 5 different accounts Woot lol. NOT, no such user on Twitter.

    They are still coming. I just got another one, it seems _BobProctor__ is following me now. Maybe he will whisper a ’secret’ in his tweets.

  • January 5, 2009

    Darren, your explanation of how the whole thing started is very clear, even more clear than the explanation on the Twitter blog! Thanks for this post!

  • January 5, 2009

    I too got such mails. The dms weren’t displayed in tweetdeck, but I got the mails. But I had WOT plugin installed and it didn’t allow me to visit the site. I am lucky to be careful!

  • January 5, 2009

    Yikes, yes, I am being inundated with these DMs. Well, now they are going directly to my email address rather than going to twitter, but they are labeled as DMs. How annoying *smiles*

  • January 6, 2009

    Here in Colombia I still did hear about this problem, so I will be in touch about it. Good post.

  • January 6, 2009

    I’ve experienced yet another small twist to this phishing. I received an email from someone I am following on Twitter and the msg said: hey. i won an iphone! come see how here http://helloiphones.com … yet there was no copy of the DM in my Twitter folder.

  • January 6, 2009

    Bummer. I jumped into this. But I think I acted fast so got everything cleaned up again. Good to see that Twitter is on top of this and has closed the suspicious account. I came in here to see if you had posted a Twitter Beware article to avoid jumping into this trap again. Did see on your Facebook site to be careful opening any DM links. Maybe you will come up with a Twitter Beware article…

    Cheers..

  • January 6, 2009

    Thank you for the explanation as to how the DM attack was accomplished. These spammy DM messages to check other blogs have been terrible! I’ve gotten quite a few in the past day or so. I’m also telling everyone I know to change their passwords.

  • January 6, 2009

    It seems that the best policy is to always check the URL before doing anything.

  • January 7, 2009

    I get these on Facebook too and never open them. In fact, anytime I get a “you’ve got to see this!” email with a link, it goes straight to delete.

    If you change your password and you use other sites like Twitterfeed or TweetLater, be sure to update your info there.
