UPDATE: There are reports of a new phishing scam making the rounds on Twitter. The attack seeks to steal user credentials by sending tweets out with links to a phishing site. The attack site requests the user’s log-in information; once the attackers have that, they can take over the account of the victim and use it to send out more messages.
According to messages from Twitter users, the tweets with the link to the phishing site have to do with the sender supposedly making a certain amount of money. Researchers at Twitter reported finding malicious Tweets with the message: “ROFL this you on here?”
“Just like hackers like to comandeer poorly protected PCs to form a botnet from which they can send spam campaigns or spread malware, so they are increasingly interested in doing the same with social networking accounts,” blogged Graham Cluley, senior technology consultant at Sophos. “They know that computer users are more likely to open a message or click on a link sent to them by what appears to be their online friends and colleagues via a social networking site, making it easier to launch financially-motivated attacks.”
Such periodic phishing attacks on users of the popular microblogging service have become a fact of life. In May, researchers at Sophos reported that a number of Twitter users were lured to a phishing site via a tweet with the message: “check this guy out [tinyurl address leading to the attack site].” As was the case in that instance, URL shortening services are increasingly being abused by attackers to mask the Websites they are sending their victims to.
Besides drawing attackers as it has grown, Twitter has also gotten the interest of security researchers, as shown by the “Month of the Twitter Bugs.”
Twitter warned users about the attack, stating in a message: “A bit o’ phishing going on-if you get a weird direct message, don’t click on it and certainly don’t give your log-in creds!”
UPDATE: This story has been updated to add information and comment from Sophos.