DM Twitter Phishing

16 Feb

Twitter users, watch out for Direct Messages suggesting you look at a picture of yourself…

In the last week, I have had 3 twitter DMs attempting to phish.

Two suggested

Hey, check out this picture of you [deleted link]

the other

Just seen this discussion criticising a post of yours, check it out [deleted link]

In both cases the [deleted link] was a shortened URL.

Curious as to where it would take me, I carefully copied the URL into a sandboxed environment anc checked it out.
In all three cases it went to web page that was a convincing mock up of the Twitter logon page, inviting me to add my username and password. I declined.

Twitter logon

On a PC the fake page is easy to spot, as the URL in the title bar was something other than https://twitter.com/.   However, if you use a tablet device (iPad/Android), where the browser built-in to the twitter app kindly hides the address bar, to save screen real-estate, it is harder to spot.  If unsure (and decide not heed the advice not to clink the link at all) use the “Open in Browser” option, so you can see the full address prior to entering any details.

It would be very easy to be fooled by DM phising attack such as this, especially on a table device,  leaking by username and password to the phisher.  Please be wary.   Please make your twitter friends aware of this.

Please join the discussion, we welcome your views...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: