Twitter users attacked by phishers

The site was designed to replicate the Twitter login page, and the URL spread via the service's Direct Message functionality.

Twitter users have been targeted by phishers in a concerted campaign to steal login details, it has emerged over the Christmas period.

As covered by BetaNews, the attack takes the form of a direct message asking people to click on a link in order to see extended content. Once accessed, the page – – presented a seemingly authentic Twitter login prompt asking for a username and password.

In case you hadn't guessed yet, the page was fake: the domain does not, shockingly, belong to Twitter, instead being registered to a Zhang Xiaohu based in the Hunan province of China on the 16th of December. Should a user type in their account details, the account would be hijacked and used to harvest yet more accounts.

What isn't quite so clear is what the phisher – or phishers – was hoping to achieve. With no financial information stored on Twitter, the only purpose of the attack seems to have been to propagate itself. Owing to the way the Twitter micro-blogging system works, direct messages can only be sent from Twitter accounts that the recipient follows.

While the Twitter blog carries a warning about the scam – and the advice to change your password immediately if you think you've fallen prey to the phishers – it's up to third-party users to reveal the extent of the attack. Self-styled 'ProBlogger' Darren Rowse has reported receiving around 50 unique direct messages during the attack from the 8,857 people he follows using the service: while his usage is perhaps fairly unique in its breadth, a 0.5% capture rate is good going for any phisher.

Since Twitter blocked messages containing the URL, the owner of the domain appears to have moved on to bigger and better things: for a while, the site was iPhone themed, and at the time of writing the site has been replaced with a Facebook login page. It's clear that while the phisher has been blocked from Twitter, he is far from finished.

Have any of our Twittering readers received suspicious messages via the system, or was the attack of a far smaller scale than reports have suggested? Share your thoughts over in the forums.

liratheal 6th January 2009, 09:04
I hate twitter so, so much.

I hope it craps itself.
DougEdey 6th January 2009, 09:23
Oh, such MASSIVE news, it's almost as though they're being targeted.

Oh wait, EVERYONE gets phishing attacks. Why is this one so important?
StephenK 6th January 2009, 09:24
No messages received here. Looks like the podcasting tweets just weren't loved enough to be messaged ;p
Gareth Halfacree 6th January 2009, 09:36
Originally Posted by DougEdey
Oh, such MASSIVE news, it's almost as though they're being targeted.
Oh wait, EVERYONE gets phishing attacks. Why is this one so important?
Perhaps because this is the first known attack to attempt to steal Twitter login credentials? The first attack to use Twitter as its vector? Sure, e-mail phishing is nothing new - but this is.
StephenK 6th January 2009, 09:40
Also, perhaps userbase size is a factor? When a very popular service gets targeted, of course it's going to be reported on. Everyone gets phished, but whilst you may not hear about a small service, you'll hear about a new attack on Gmail or WoW.
DougEdey 6th January 2009, 09:45
People do it all the time with Facebook, faked login pages and the like, it really just seems to be news because it's a different site being attacked.
quack 6th January 2009, 11:50
Some big names have fallen victim to this phishing attempt. Britney Spears, CNN, Fox News...
Nexxo 6th January 2009, 11:53
My God! If serious intellects like those are fooled, what hope is there for mere mortals like us?
quack 6th January 2009, 11:59
Barack Obama and Facebook also had accounts hacked.

Apparently these were not the work of the publicised phishing attempt, but a hacker.
MrMonroe 6th January 2009, 16:34
Obama's seems to be the only hack that might have wound up a net gain for whoever did this. The rest of the uses of the hacked accounts seem pretty juvenile. Rick Sanchez's account spewing out "I am high on crack right now might not be coming in to work today" doesn't seem like a particularly profitable use of a twitter account.
badders 6th January 2009, 20:16
* Runs off to find out what Twitter is