Friday, February 1, 2013

"Did you see this pic of you?" Phishing Scam Stealing Twitter Logins

There’s a new phishing scam circulating on Twitter and judging by the amount of phishy DMs we’re receiving, a lot of folks are falling for it.

Tsk, tsk, people. Have we not learned anything from past phishing attacks?

How the Scam Works

Similar to previous scams, it all starts with an intriguing direct message:
Did you see this pic of you? lol [SHORT LINK]

The embedded short link leads to a phishing page that could easily pass for a legitimate Twitter page asking us to verify our account password – IF we never bothered to look at the URL in our browser’s web address bar:

Twitter Phishing Scam: Verify Your Password

Of course, any information entered into the above form would be sent off to the scammer, and the victim would be left wondering what just happened after being redirected to a (fake) 404 page:

Twitter Phishing Scam: Redirects to Fake 404 Page

After a few seconds, you’ll be redirected to the real Twitter website:

Twitter Phishing Scam: Redirects to Twitter

At some point the attackers will hijack your Twitter account to spam your followers with the same DM that tricked you in hopes of expanding their list of victims.

Don’t Fall for This Scam!

Now that you know how this phishing scam works, here are a few ways you can protect yourself in the future:

  • Do not follow short links without expanding them first. You can use a free service like to check the true destination before following a link.

  • Be cautious of links that go to a page asking you to log in. You were logged in just a second ago, why do you suddenly need to log in again?

  • Always check the URL in your browser’s web address bar before entering any sensitive information. Scammers can fake the look and feel of a website, but the URL does not lie.
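
The first and third tips above can be automated. The following is an added example, not part of the original post: it expands a short link hop by hop without loading any page, then checks whether the final address is really on twitter.com. The trusted-host list, the function names and the sample redirect table are assumptions made for illustration, and every host in the table is made up.

```python
from urllib.parse import urlsplit, urljoin

# Assumption: the only host we accept as "really Twitter" for a login form.
TRUSTED_HOSTS = ("twitter.com",)

def is_trusted_login_url(url):
    """True only for https URLs whose host is twitter.com or a subdomain of it."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "twitter.com@other.example" fails.
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https" or not host:
        return False
    # Exact match or a dot-separated suffix: "twitter.com.other.example" fails.
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def expand(url, get_location, max_hops=5):
    """Follow redirects one hop at a time without rendering any page.

    get_location(url) returns the Location header for url, or None when the
    URL is a final destination. Returns every URL visited, in order.
    """
    chain = [url]
    for _ in range(max_hops):
        nxt = get_location(chain[-1])
        if nxt is None:
            return chain
        nxt = urljoin(chain[-1], nxt)  # a Location header may be relative
        if nxt in chain:
            raise ValueError("redirect loop")
        chain.append(nxt)
    raise ValueError("too many redirects")

# Constructed redirect table standing in for the network (hosts are made up).
SAMPLE_REDIRECTS = {
    "https://short.example/abc": "http://twitter.com.verify-login.example/session",
    "https://short.example/ok": "https://twitter.com/login",
}

def check_short_link(url, get_location=SAMPLE_REDIRECTS.get):
    """Return (final_url, trusted) for a short link."""
    final = expand(url, get_location)[-1]
    return final, is_trusted_login_url(final)
```

To use it on live links, pass a get_location function that sends a HEAD request with redirect following turned off and returns the Location header.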

What to Do with Twitter Phishing Scam DMs

If you happen to receive one of these phishing messages, it is recommended that you:

  • Avoid clicking on any embedded links.

  • Report the DM to Twitter.

  • Let the sender know that their account has been compromised and advise them to change their Twitter password.

  • Delete the DM immediately.

  • Warn your fellow Twitter users!

Have you seen this scam yet?
