Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Twitter phish floods network with short URLs

The short messages (tweets in Twitter terms) are reportedly routing users to a fake Twitter login page which, when the user 'logs in'  sends them to a China-based server.

According to IT security vendor Webroot, other domains that are hosted on the servers' IP address have been implicated in spam campaigns promoting cheap pharmaceuticals.

In a security blog posting, Andrew Brandt, Webroot's lead threat research analyst, said that it appears a lot of people may get tripped up in the rush to see what the link is all about.

"After you type anything at all into the phishing version of the Twitter login form, your browser is redirected to a hastily created page on Blogspot. Meanwhile, the tweets keep on coming", he said.

According to Brandt, Twitter users should always look at the address bar before they enter their Twitter credentials.

Over at Sophos, meanwhile, Graham Cluley, the IT security vendor's senior technology consultant, said that, if you click on the link you are taken to a fake Twitter login page, where hackers are just waiting for you to hand over your credentials.

"In fact, they can automatically post the phishing message from your account as soon as you hand over your details", he said, adding that, if anyone gets a message like `Is this you?' it is likely that their account has been compromised by cybercriminals.

Sophos has posted a YouTube video of the Twitter attack on its website.

What’s Hot on Infosecurity Magazine?