Something Phishy is Going on Twitter

By  |  Friday, July 10, 2009 at 11:32 am

If a Twitter user suddenly gushes about an AWESOME site that got him or her TONS of followers, and then provides a link to it, it’s reasonable to be skeptical–especially if that person doesn’t strike you as the type to get excited about such things or make excessive use of ALL CAPS.

And if the Twitter user in question happens to be the host of a network TV show and have close to A MILLION followers already…well, the chances are 101% that something is amiss:

Twitter Phishing Attack

Mr. Stephanopoulos is one of scads of Twitter users who have fallen victim to some sort of scam. Clicking on the links in their Tweets takes you to one of several sites that instruct you to enter your Twitter name and password to get the promises TONS of followers.  And given that whoever’s behind all this has hacked into other people”s Twitter accounts to spread the word, trusting him or her with your Twitter password would be a Very Bad Idea.

I’m not sure how the phisher who’s doing this is tweeting from other folks’ accounts–it could be a known Twitter vulnerability, or one that nobody knew about until now. I’d love to hear Twitter explain what it’s doing about security other than telling folks to tread carefully.

One other note: George Stephnopoulos is one of the high-profile twitterers who has a Verified Account. But Verified Accounts don’t mean all that much if you don’t have any confidence that the tweets that emit from them are legit…

 
9 Comments


Read more: ,

4 Comments For This Post

  1. AJ Says:

    Your post does not make sense..

    Clicking on the links in their Tweets takes you to one of several sites that instruct you to enter your Twitter name and password to get the promises TONS of followers.

    I’m not sure how the phisher who’s doing this is tweeting from other folks’ accounts

    First you say that the sites ask a user to enter their twitter credentials and then you say that it is a phisher and have no idea how s/he is tweeting from those accounts?

    Once a user enters their twitter login credentials, the scammer is free to post all the tweets he or she wishes to. What’s the mystery there.

    It’s not phishing or even a vulnerability. Stretching the meaning of the term a bit, we can at most call it simple social engineering

  2. Harry McCracken Says:

    @AJ: I understand that once somebody gives the site his or her account and password, the person behind this can tweet from the account in question. But I take the fact that George Stephanopoulos’s account was compromised as evidence that it’s not JUST this specific social engineering going on. Unless you want to make the case that Stephanopoulos fell for a scam that he thought would get him tons of followers.

    –Harry

  3. AJ Says:

    @Henry, no not really. What I think happened is it is likely a network of sites. And what George Stephanopoulos fell for would be a more legitimate site than just to gain followers for harvesting login credentials.

    But then that can be confirmed only by George Stephanopoulos 😉

    However, the post itself if unclear between the two. From how I understood, the login credentials harvesting leads naturally to phishing which makes it confusing.

  4. AJ Says:

    Sorry for the double comment but is it possible to move the comment entry form closer to the comments themselves instead of having the trackback/pingbacks in between? Maybe the form on top of the comments or moving the trackback/pingbacks to before the comments?

5 Trackbacks For This Post

  1. | India News Says:

    […] Read more at http://technologizer.com/2009/07/10/something-phishy-is-going-on-twitter/ […]

  2. How to avoid spam a lot …. Something Phishy is Going…. | India News Says:

    […] Read more at http://technologizer.com/2009/07/10/something-phishy-is-going-on-twitter/ […]

  3. Twitter gains ground with Great Falls…. Something Phishy is Going…. | India News Says:

    […] Read more at http://technologizer.com/2009/07/10/something-phishy-is-going-on-twitter/ […]

  4. Twitter gains ground with Great Falls…. How to avoid spam a lot …. | India News Says:

    […] Read more at http://technologizer.com/2009/07/10/something-phishy-is-going-on-twitter/ […]

  5. Langsom PC? Gør din computer hurtigere uden besvær Says:

    […] en hurtigere computerEr din pc blevet langsom?Er din pc blevet langsom?Er din pc blevet langsom?Gør din computer hurtig igen var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); […]