Targeting Twitter: A new wave of phishing


Just when you thought it was safe to go in the water…it seems like new phishing schemes are popping up all over the place.

The latest target?


When we logged into the Commtouch Twitter account, we noticed the warning message to users. (Kudos to Twitter for being proactive and warning its users!) Apparently the scam targets Twitter users via direct messages, which proclaim that a blog post has been written about you or that funny pictures of you have been located online.

If you click on the link provided in suspect messages, you are directed to a landing page that looks exactly like the Twitter home page. If you look more closely, however, you realize that the URL is something like this: http:// twitter . access – logins . com. According to the Commtouch data center, this domain is classified as “fraud/phishing”. It turns out that the domain has been set up to mimic the appearance of Twitter in hopes of stealing user names and passwords from people who may not realize they’ve been duped.
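The check a careful reader makes on such a link can be automated. The following is an added example, not code from Commtouch or Twitter: it compares a link's registrable domain with the real one and flags hosts that merely embed the brand name. The sample links are constructed, and the two-label domain rule is a simplifying assumption.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "twitter.com"   # domain the genuine login page lives on
BRAND = "twitter"                # brand string a lookalike host tends to embed


def registrable_domain(host):
    # Assumption: the last two labels form the registrable domain. That holds
    # for .com; production code should consult the Public Suffix List.
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def classify(url):
    """Return 'trusted', 'lookalike' or 'unrelated' for a link."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    if registrable_domain(host) == TRUSTED_DOMAIN:
        return "trusted"
    # The brand can hide in a subdomain label or in the userinfo before '@',
    # so search the whole authority part, not only the hostname.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


# Constructed sample links (reserved .example names, not real sites).
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/",
    "http://twitter.login-check.example/",
    "http://twitter.com.login-check.example/session",
    "http://twitter.com@login-check.example/",
    "https://blog.example/funny-pictures",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

A "trusted" result only means the link points at the real domain; a shortened link still has to be expanded before it can be classified.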

In case you accidentally became a victim and your account is used to perpetuate the scheme, Twitter will “proactively reset the passwords of the accounts.” Don’t worry, though: you can regain access by contacting Twitter to reset your password.

While this was a phishing scam, plain and simple, using techniques we are familiar with from spam and IM, there are other web security holes inherent in the Twitter platform. ZDNet blogger Jennifer Leggio (aka @mediaphyter) wrote an overview of Twitter and other social networking sites and how they handle the glaring security hole that is URL re-directs.

Because of the nature of Twitter, condensing thoughts into 140 character snippets, URLs are often automatically condensed using a service like tinyurl, which redirects to longer addresses, making them easier to use with a smaller number of characters. As seen in the above example (just under the text box), if a URL is condensed using tinyurl, there is no way to really know where it is pointing before you click it, unless you are using a Twitter add-on such as Power Twitter. In an attempt to overcome this issue, Twitter has added an “expanded URL” feature to its search page so savvy users can at least see what URL they will be going to (even if they don’t know if that URL is safe or not), but this feature is still not available on individual tweets from the regular Twitter site.

For more information on the Twitter phishing scam, see the Twitter blog. Also visit the Commtouch Web site for more information about how Commtouch GlobalView URL Filtering can identify malicious URLs and protect against schemes like this, blocking harmful sites at the zero hour, often long before users are exposed to them.

Are you on Twitter? Follow Commtouch and stay up to date with the latest Internet security threat trends.
