Beware: Twitter and Facebook Phishing scam

The internet is all atwitter with talk about the latest phishing scam to hit popular sites like Facebook and Twitter.

Twitter’s Get Satisfaction forum (their help pages) is quickly being filled with users pleading for help, saying they were recently phished.

Twitter has quickly jumped on the alert bandwagon, posting a message above Twitter feeds on the actual site Twitter.com reading:

However, their main blog, as of 5:50pm PT on January 3rd, remained free of any additional information, though their status blog did have a brief update. In addition, users who don’t access Twitter through Twitter.com and instead use popular third-party sites like TweetDeck or their iPhone might not see the message and must instead rely on their friends to retweet the warning.

CNET reports that the phishing scam mimics the recent Facebook Koobface virus:

 Direct messages (DMs) are showing up in Twitter accounts with appealing come-ons to visit a site on blogspot.com. The text is, “hey! check out this funny blog about you…” The URL in the message then redirects to a page that looks like the Twitter login page, but is actually not on Twitter–it’s a site, twitter.access-logins.com, that masquerades as Twitter to steal your login credentials instead.

Recent reports note that Facebook is also being spoofed with a similar login trick, so users’ best bet is to check the URL for authenticity before clicking on any links in DMs. If it isn’t a pure Twitter.com URL, don’t provide your login credentials.
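What "a pure Twitter.com URL" means in practice, as an added example that is not part of the original post: the check compares the host from the right-hand side, so a name that merely starts with or contains "twitter" fails. Trusting subdomains of twitter.com and requiring https are assumptions of this sketch, and every sample link except twitter.access-logins.com is constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain that may receive Twitter credentials.
TRUSTED_LOGIN_DOMAINS = frozenset({"twitter.com"})


def login_host(url):
    """Return the lower-cased host the URL points at, or None if it is unusable."""
    url = url.strip()
    # Browsers treat "\" like "/" and drop control characters, while urlsplit
    # does not, so refuse such URLs instead of guessing which host wins.
    if "\\" in url or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes any "user:pass@" prefix and the port
    except ValueError:
        return None
    # Assumption: credentials are only ever entered over https.
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".").lower()


def is_trusted_login_url(url, trusted=TRUSTED_LOGIN_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = login_host(url)
    if host is None:
        return False
    # Compare whole DNS labels from the right: "twitter" appearing somewhere
    # in the name proves nothing.
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample links; only twitter.access-logins.com comes from the article.
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session",
    "https://twitter.access-logins.com/login",
    "https://twitter.com@twitter.access-logins.com/login",
    "https://twitter.com.login.example/",
    "https://nottwitter.com/login",
    "https://login.example\\@twitter.com/",
    "http://twitter.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print("OK  " if is_trusted_login_url(link) else "STOP", link)
```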

As far as the “Tweet alert system” goes, I’d say this would make a great case for Twitter to strong-arm their users and pull a MySpace– compelling users to receive messages or Tweets from “Tom” — aka Evan Williams in Twitter’s case, anytime there’s a potential security threat. This would surely assuage many users who are “frantic” with the sheer thought of identity theft.

1 comment so far

  1. […] 5, 2009 · No Comments After a weekend filled with phishing direct messages Twitter users might want to seriously consider changing their passwords (if they […]

