Twitter users attacked by phishers

January 6, 2009 // 8:59 a.m.

Tags: #access-loginscom #attack #china #crack #cracker #phish #phisher #phishing #twitter #zhang-xiaohu

Twitter users have been targeted by phishers in a concerted campaign to steal login details, it has emerged over the Christmas period.

As covered by BetaNews, the attack takes the form of a direct message asking people to click on a link in order to see extended content. Once accessed, the page – bloggertwit.access-logins.com – presented a seemingly-authentic Twitter login prompt asking for a username and password.

In case you hadn't guessed yet, the page was fake: the access-logins.com domain does not, shockingly, belong to Twitter, instead being registered to a Zhang Xiaohu based in the Hunan province of China on the 16th of December. Should a user type in their account details, the account would be hijacked and used to harvest yet more accounts.

What isn't quite so clear is what the phisher – or phishers – was hoping to achieve. With no financial information stored on Twitter, the only purpose of the attack seems to have been to propagate the attack. Owing to the way the Twitter micro-blogging system works, direct messages can only be sent from Twitter accounts that are being followed.

While the Twitter blog carries a warning about the scam – and the advice to immediately change your password if you think you've fallen prey to the phishers – it's up to third-party users to reveal the extent of the attack. Self-styled 'ProBlogger' Darren Rowse has reported receiving around 50 unique direct messages during the attack from the 8,857 people he follows using the service: while his usage is perhaps fairly unique in its breadth, a 0.5% capture rate is good going for any phisher.

Since Twitter blocked messages containing the URL, the owner of the domain appears to have moved on to bigger and better things: for a while, the site was iPhone themed, and at the time of writing the site has been replaced with a Facebook login page. It's clear that while the phisher has been blocked from Twitter, he is far from finished.
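Because the same domain was re-themed after the block, a message filter is more durable when it matches the registered domain and every subdomain rather than one exact URL. The sketch below is an added example, not code from the article or Twitter's own filter; the function names, the `twitter.com` allowlist, the "twit" lookalike heuristic and the sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Domain named in the article; matched together with all of its subdomains.
BLOCKED_DOMAINS = {"access-logins.com"}
# Domains allowed to host a Twitter login form (assumption for this example).
TWITTER_DOMAINS = {"twitter.com"}

# Finds links with or without a scheme, e.g. "http://a.b.com/x" or "a.b.com".
URL_RE = re.compile(r"\b(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def host_in(host, domains):
    """True if host equals, or is a subdomain of, an entry in domains."""
    host = host.lower().rstrip(".")
    # Compare on a label boundary: "nottwitter.com" must not match "twitter.com".
    return any(host == d or host.endswith("." + d) for d in domains)


def extract_hosts(text):
    """Return the hostname of every link found in a message body."""
    hosts = []
    for match in URL_RE.finditer(text):
        url = match.group(0)
        if "://" not in url:
            url = "http://" + url
        host = urlsplit(url).hostname
        if host:
            hosts.append(host)
    return hosts


def classify_dm(text):
    """Return 'block', 'review' or 'allow' for one direct message."""
    hosts = extract_hosts(text)
    if any(host_in(h, BLOCKED_DOMAINS) for h in hosts):
        return "block"
    # Brand fragment in a host outside twitter.com: the lookalike pattern.
    if any("twit" in h and not host_in(h, TWITTER_DOMAINS) for h in hosts):
        return "review"
    return "allow"


# Constructed sample messages; only the first hostname comes from the article.
SAMPLES = [
    "hey, check out this funny blog about you http://bloggertwit.access-logins.com/login",
    "new pics at IPHONE.Access-Logins.com",
    "sign in again: http://twitter.com.example.net/session",
    "my latest update: http://twitter.com/home",
]
if __name__ == "__main__":
    for dm in SAMPLES:
        print(classify_dm(dm), "<-", dm)
```

The third sample shows why the comparison has to anchor on the end of the hostname: a host that merely starts with `twitter.com` is not a Twitter host.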

Have any of our Twittering readers received suspicious messages via the system, or was the attack of a far smaller scale than reports have suggested? Share your thoughts over in the forums.
