Twitter users are being targeted by another phishing attack designed to steal login
details, warns security firm Sophos.
Some users of the micro-blogging service last night received
direct messages with a short text message and a link, similar to
this: "rofl this you on here?
http://videos.twitter.secure-logins01.com".
The link appears to go to a video sharing page, but instead
displays a fake Twitter login page designed to steal the user names
and passwords of unsuspecting users.
"Just like hackers like to commandeer poorly protected PCs to
form a botnet from which they can send spam campaigns or spread
malware, so they are increasingly interested in doing the same with
social networking accounts," said Graham Cluley, senior technology
consultant at Sophos.
Cybercriminals know computer users are more likely to open a
message or click on a link sent to them by what appears to be their
online friends and colleagues via a social networking site, making
it easier to launch financially-motivated attacks, he said in a
blog post.
"In this case the bad guys are also able to access potentially
sensitive private information you have in past direct messages you
have sent and received via Twitter," he said.
Cluley said Twitter users who have entered their details into
the fake Twitter page should change their password immediately
before it is abused by the cybercriminals behind the rofl Twitter
attacks.
Potential victims should also change their login details on any
other sites where they use the same password as their Twitter
account because those sites could also be compromised, he said.
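
The link quoted in the direct message contains "twitter" as a label, but the host belongs to secure-logins01.com. The following check is an added example, not part of the original article or Sophos's tooling, and shows how a mail or message filter could tell the two apart. The allow-list of genuine domains, the function names and the sample links other than the one quoted above are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the real service uses.
BRAND_DOMAINS = {"twitter.com"}
BRAND_LABELS = {"twitter"}


def split_target(url):
    """Return (host, userinfo) as a browser would interpret the link."""
    if "://" not in url:
        url = "http://" + url  # links pasted into messages often omit the scheme
    try:
        parts = urlsplit(url)
        host = parts.hostname      # lowercased, without userinfo or port
        user = parts.username or ""
    except ValueError:             # malformed netloc, e.g. broken brackets
        return None, ""
    return (host.rstrip(".") if host else None), user.lower()


def classify_link(url):
    """Classify a link as 'genuine', 'lookalike' or 'unrelated'."""
    host, user = split_target(url)
    if host is None:
        return "unrelated"
    # Genuine only if the host IS a brand domain or a subdomain of one.
    # Matching from the right is what matters: DNS ownership is decided by
    # the rightmost labels, not by where the brand name appears.
    on_brand = any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)
    # Brand name placed in the userinfo part ("brand.com@other-host") or in a
    # label of a host that is not under the brand's domain.
    brand_in_user = any(b in user for b in BRAND_LABELS)
    brand_in_host = any(b in label for label in host.split(".")
                        for b in BRAND_LABELS)
    if on_brand and not brand_in_user:
        return "genuine"
    if brand_in_user or brand_in_host:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "http://videos.twitter.secure-logins01.com",  # link quoted in the article
        "https://twitter.com/login",                  # constructed
        "http://twitter.com@example.net/",            # constructed
    ]
    for s in samples:
        print(f"{classify_link(s):10} {s}")
```
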