IT security and control firm Sophos has warned members of
Twitter to be on their guard against an evolving attack which
threatens to steal personal information from them.
Thousands of Twitter users are reporting having received direct
messages from friends inviting them to visit a website. Sometimes
the lure claims that they could win an Apple iPhone, and on other
occasions the messages have pretended to point to funny pictures or
blog articles about the recipients.
The original messages over the weekend pretended to point to
funny pictures or blog articles about the recipients:
"Hey, i found a website with your pic on it... LOL check it
out here"
and
"hey! check out this funny blog about you..."
However, clicking on the links would take users to a bogus
Twitter page which would steal users' login names and passwords.
Writer, TV star and Twitter celebrity Stephen Fry was amongst
the people who unwittingly clicked on the link without realising
that he was being taken to a potentially dangerous website, although
it is not believed that his account has been compromised.
Sophos experts note that having hacked into Twitter accounts
with information gleaned from the widespread phishing attack,
cybercriminals are then using the compromised Twitter identities to
pass on spam messages to even more Twitter users.
These new messages are claiming that recipients could
win an Apple iPhone if they visit a web link:
"hey. i won an iphone! come see how here"
and
"Wanna win the new iPhone? It's so easy and cool, I love
this thing!"
"It would be bad enough to hand your Twitter username and
password over to a criminal, as they could pose as you online and
spread malware and spam to your friends and followers. However, as
an alarming 41 percent of internet users foolishly use the same
username and password for every website they access, the potential
for abuse is even greater," said Graham Cluley, senior
technology consultant at Sophos. "Twitter users who may have lost
control of their accounts need to change their passwords as a
matter of priority before more harm is done. Compromised social
networking accounts are valuable for hackers as they can use them
for a springboard for spam campaigns, identity theft attacks and
other online crime."
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.