Filtered By: Scitech
SciTech

New Twitter phishing attack poses as reputation alert


Cybercriminals are at work on micro-blogging site Twitter again, unleashing a new phishing attack that poses as a reputation alert. The new attack seeks to fool victims into giving their Twitter password by claiming a new blog is maligning them, computer security firm Sophos said. "Here's an example of the latest attack that has been seen on Twitter. The message arrives in the form of a direct message (DM), and has a pretty enticing reason for you to click on the link: 'Read this yet? horrible blog going around about you [LINK],'" Sophos said in a blog post. It said clicking on the link will take the prospective victim to a site that looks like the Twitter homepage. "At this point, you think that your Twitter session has timed out – and you may well be tempted to enter your user ID and password," Sophos said. But a closer look at the URL showed the site is not www.twitter.com but www.twittelr.com. "(I)t's a lookalike phishing site called twittelr, designed to steal your login credentials so cybercriminals can use your account to spew out spams, scams and other nasty links. They could even read your private DMs if they wanted," it said. Sophos said commandeering a Twitter account will allow them to send spam messages, including direct messages to the victim's online friends. "What lies at the end of the links can vary. It might be a webpage offering you a new wonder diet, or a pornographic website, or a link to a download designed to infect your computer," it said. — LBG, GMA News

LOADING CONTENT