Twitter Hit By BZPharma LOL Phishing Attack
An anonymous reader writes "Twitter users are being warned not to click on messages saying 'lol, this is funny,' as they can lead to their account details being stolen. A widespread attack has hit Twitter this weekend, tricking users into logging into a fake Twitter page — and thus handing their account details over to hackers. Messages include 'Lol. this is me??' / 'lol , this is funny.' / 'ha ha, u look funny on here' / 'Lol. this you??' followed by a link in the form of http://example/ [dot] com/?rid=http://twitter.verify.bzpharma [dot] net/login, where 'example.com' can vary. Clicking on the link redirects users to the second half of the link, where the fake login page is hosted. In a video and blog entry, computer security firm Sophos is warning users that it is not just Twitter direct messages (DMs) that carry the poisoned links; they are also appearing on public profiles due to services such as GroupTweet which republish direct messages. Sophos also reports that the site being used for the Twitter phishing has been constructed to steal information from users of the Bebo social network as well. Affected users are advised to change their passwords immediately."
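A defender-side check for the link pattern described above, added here as an example and not part of the original story or of Sophos' tooling: it parses each link in a message, pulls out any absolute URL carried in a query parameter (the `?rid=` redirect), and flags destinations whose hostname contains a brand name while the registrable domain belongs to someone else. The brand list, lure phrases and sample messages are constructed for illustration, and the domain parsing is a naive last-two-labels heuristic rather than the Public Suffix List.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed, illustrative list: brand keyword -> domains that may legitimately carry it.
BRAND_DOMAINS = {"twitter": {"twitter.com"}, "bebo": {"bebo.com"}}

# Lure phrasing seen in the campaign's DMs (constructed regex, case-insensitive).
LURE_PATTERN = re.compile(
    r"\b(lol|ha ha)\b.*\b(this is me|this you|this is funny|look funny)\b", re.I)

URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+")


def registrable_domain(host):
    """Naive heuristic: last two labels of the hostname (no Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def embedded_redirects(url):
    """Return absolute URLs smuggled inside query parameters (open-redirect style)."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    return [v for values in query.values() for v in values
            if v.lower().startswith(("http://", "https://"))]


def lookalike_brand(host):
    """Return the brand a hostname impersonates (brand in a subdomain label, foreign
    registrable domain), or None. Substring match is a deliberate, coarse heuristic."""
    reg = registrable_domain(host)
    for brand, legit in BRAND_DOMAINS.items():
        if brand in host.lower() and reg not in legit:
            return brand
    return None


def classify_message(text):
    """Classify a DM/tweet as ('phish', details), ('suspicious', details) or ('clean', {})."""
    urls = URL_PATTERN.findall(text)
    for link in urls:
        for target in embedded_redirects(link):
            brand = lookalike_brand(urlparse(target).hostname or "")
            if brand:
                return ("phish", {"link": link, "redirect_to": target, "impersonates": brand})
    if urls and LURE_PATTERN.search(text):
        return ("suspicious", {"links": urls})
    return ("clean", {})


if __name__ == "__main__":
    # Constructed sample using the defanged link shape quoted in the story.
    sample = "lol , this is funny. http://example.com/?rid=http://twitter.verify.bzpharma.net/login"
    print(classify_message(sample))
```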
Interestingly... (Score:5, Interesting)
...I just deliberately sought out this thing so I could see what it looked like - and amazingly, whatever it does, it manages to somehow hide the "Suspected phishing site" page in Google Chrome: it briefly appears, but then the page seems to reload automatically and the warning disappears.
So not only is this a pretty sophisticated clone of Twitter's login, they've somehow managed to force their way past the attack warning too. Any ideas how they've done that?
Re:Interestingly... (Score:2, Interesting)
Re:And how exactly does that steal your password? (Score:1, Interesting)
Well, you're tricked into thinking you're actually logging on to the real Twitter, so when you log in you GIVE them your password, so it's not really like they are stealing it, just receiving it.
What about URL shortening services? (Score:4, Interesting)
I've always wondered why we don't see more phishing attacks with URL shortening services. Why not just tweet "Hey check out the pictures of my latest vacation at my picasaweb [tinyurl.com] page"? I don't think forcing users to install yet another plugin which checks out the tinyurl link, as there are more than enough companies that do shorten URLs to make this plugin be yet another one which has to phone home to get updates...