The Phishermen (and probably a few women) are always looking for fresh waters to hook some unsuspecting phish — so it should be no surprise that Twitter is their latest target. After all, e-mail, cell phones, and Facebook have already been phished, along with countless desktops and laptops.
According to a Symantec blog post, Twitter users are receiving warning messages from Twitter command and control about this matter. The blog post by Marian Merritt, the Internet Safety Guru at Symantec, gives blogger Chris Pirillo credit for breaking the story on Saturday. According to the blog post at Symantec, the messages appear to come from someone you know at Twitter with a link to a malicious website designed to steal information.
Twitter also put up a warning on their blog. It starts with a Wikipedia definition of phishing and then details how the phishing attack will come in the form of an e-mail message notifying a person they have a Twitter Direct Message. Thus far, the social engineering lures being used in the e-mail go something like this: "Hey! check out this funny blog about you..." and direct the user to click on a link to a fake website.
They also point out that if you look at the URL, you'll see that it is not the same as the URL for the normal Twitter landing page. A trick for checking this (without clicking on the link) is to hover your mouse pointer over the link; the bottom left portion of your browser window will then display the URL the link goes to. With all the malware people can pick up nowadays just by visiting a malicious page (a drive-by download), this is a much safer way to go about it than actually clicking on the link to find out.
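The hover check described above can also be done in code, for example by a mail filter looking at links pulled from a "Direct Message" notification. This is an added example, not code from Twitter or Symantec; the function name `checkLink` is hypothetical and the sample links use constructed hosts under the reserved `.test` domain.

```javascript
// Added example: compare a link's real destination host with twitter.com,
// the same comparison a reader makes by hovering over the link.
const TRUSTED_HOST = "twitter.com";

// Return a verdict for one href as the status bar would show it.
function checkLink(href) {
  let url;
  try {
    url = new URL(href); // WHATWG URL parser; lowercases the host
  } catch (e) {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: "unexpected scheme " + url.protocol };
  }
  // Anything before an "@" is a username, not the site being visited.
  if (url.username || url.password) {
    return { ok: false, reason: "user info in URL, real host is " + url.hostname };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing dot
  // Accept twitter.com itself or a true subdomain. A plain substring or
  // "starts with" test would wrongly accept hosts that merely mention it.
  if (host === TRUSTED_HOST || host.endsWith("." + TRUSTED_HOST)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + TRUSTED_HOST };
}

// Return only the links that do not lead to Twitter, with the reason.
function auditLinks(hrefs) {
  return hrefs
    .map((href) => ({ href, ...checkLink(href) }))
    .filter((verdict) => !verdict.ok);
}

// Constructed sample links, as they might be extracted from a message body.
const sampleLinks = [
  "https://twitter.com/direct_messages",
  "http://twitter.com.login.example.test/",
  "http://twitter.com@example.test/session",
  "http://twitter-funny-blog.example.test/",
];

for (const v of auditLinks(sampleLinks)) {
  console.log("SUSPICIOUS " + v.href + " (" + v.reason + ")");
}
```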






