Twitter Phish-O-Rama
News over the weekend of yet another social network phish vector, this time through Twitter. In an effort not to belabor the typical phish modus, I will leave it up to Twitter Status and CNET’s Rafe Needleman to describe the sordid details.
[Significant effort needs to be expended at Twitter HQ to mitigate this attack vector in the future. Maybe requiring authentication through the API might be a good idea, fellas... Furthermore, the exercising of a modicum of common sense would have slowed the spread in the first place, i.e., users should never click on links in email (the vector utilized in this attack). Now, the inevitable question arises: How safe is Twitter for the general public? The Conventional Wisdom Engine at Infosecurity.US answers: Not Very. Unfortunately, I predict a significant increase in this type of attack... mxh]
More information appears after the jump.
From Twitter Status: “Don’t Share Your Secret Info!
If you receive an email notice saying you’ve received a Direct Message with a link that redirects to what seems like Twitter.com, be careful about entering your Twitter credentials. Instead, look closely at the URL to see if it’s not really Twitter but a sketchy phishing site like http://twitter.access-logins.com. If this has you feeling a bit weirded out, feel free to change your Twitter password.
Update: The suspicious site is being blocked. More information at the Twitter Blog.”
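The URL check that the Twitter Status notice recommends can be automated for links found in an email body. The following is an added example, not code from the original post or from Twitter; it assumes that only twitter.com and its subdomains are genuine, the function names are hypothetical, and the sample email is constructed (only the access-logins URL comes from the notice).

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "twitter.com"   # assumption: the only genuine login domain
BRAND = "twitter"
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def classify_link(url):
    """Return 'genuine', 'lookalike' or 'unrelated' for one URL."""
    try:
        # .hostname is lowercased and excludes port and userinfo
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "unrelated"
    # The leading dot matters: "nottwitter.com" must not pass as a subdomain
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "genuine"
    # Brand name appears in the host, but the host is not under twitter.com
    if BRAND in host:
        return "lookalike"
    return "unrelated"


def suspicious_links(message_text):
    """List the links in an email body that imitate the trusted domain."""
    return [u for u in URL_RE.findall(message_text)
            if classify_link(u) == "lookalike"]


# Constructed sample email body; only the access-logins URL is from the notice.
SAMPLE_EMAIL = """\
You have a new Direct Message. Read it here:
http://twitter.access-logins.com
Manage notifications: https://twitter.com/account/settings
Help: https://support.twitter.com/
Unsubscribe: http://mailer.example.net/u/123
"""

if __name__ == "__main__":
    for link in URL_RE.findall(SAMPLE_EMAIL):
        print(f"{classify_link(link):10} {link}")
```

The brand name sits in the leftmost label of the phishing host, while the part that decides who controls the site is the rightmost registered domain, which is why the check compares the end of the hostname rather than searching for "twitter" anywhere in it.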






