Twitter Phishing Attack – Wham Bam Thank You Tweets

Twitter users started getting hit with direct messages early Saturday afternoon by a phishing scam aimed at grabbing Twitter login and passwords. I tried to track down the original warning but all I found was this from Chris Pirillo. Could be he was the first to let the Twitterverse know and if so, thank you Chris.

The message is still being found on some accounts and it’s unclear if Twitter has been able to find the cause.

http://easycaptures.com/fs/uploaded/103/thumbs/1942190438_b.jpg

How Did It Work?

It looks as though this particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email said, “hey! check out this funny blog about you…” and then provided a link. That link redirected to a site masquerading as the Twitter front page.

If you didn’t look at the URL of this false Twitter page, then you might not have noticed that it was actually just a page on the domain access-logins.com which was also faking Facebook’s front page. We immediately reported the offending domain (and warned our friends at Facebook). The site is now on OpenDNS’ and Google’s reported phishing lists.Twitter Blog

Twitter Becomes the Target

I figured it was only a matter of time. I made several comments over the past few months about the need for a more secure Twitter. I love the open API but that also makes room for less than honorable people to exploit Twitter users. Since this is only a phishing scam, it requires people to go to a false website and enter their Twitter user account information then it steals them. That is kind of Web 1.0 style. Phishing attacks have been around forever. I remember the good old AOL days where these kind of attacks we a daily occurrence.

http://www.tippingpoint.com/img/phishing.jpg

Source

What I am dreading but also know is just around the corner now is a full fledged Twitter attack. Many of us use twools (Twitter Tools) like Twollo, Bitly, and MrTweet. All of these and other Twitter Twools require you to enter your username and password over an unsecured connection. All it takes is one geek to build a simple app that will be enough to get thousands of people to enter their user information and let the mayhem begin.

I think this will come in 2009 and that will be a dark day in Twitter Land.

Koka Sexton

Koka Sexton is a renowned expert in social selling. Some would say Koka Sexton is the reason social selling exists, he would say that social selling existed once the internet was created. A recognized expert in social selling that has produced revenue for B2B companies, Koka continues to make generating new business the focus of social media. Finding creative ways to plan, develop and execute content marketing campaigns that break through the noise and provide value to buyers in excess of what they expect.

3 thoughts on “Twitter Phishing Attack – Wham Bam Thank You Tweets

  • January 4, 2009 at 12:00 pm
    Permalink

    I think many people were not so lucky but I am happy with the response Twitter made and adding the warning to their site.

  • January 28, 2009 at 8:41 pm
    Permalink

    I haven’t received this warning but I will keep an eye open for it. thanks for posting this.

Leave a Reply

Your email address will not be published.