"This you????" phishers strike Twitter users

February 24, 2010 Sophos Press Release

IT security and data protection firm Sophos is warning about the latest wave of cybercrime spreading across Twitter - a phishing attack designed to steal login details and hijack accounts.

Messages asking "This you????", followed by a link to a bogus Twitter login page, have caused such a scare on the micro-blogging network that the phrase is currently a hot trending topic on the site.

The attack, which is the latest in a storm of phishing attacks that have occurred on Twitter since the weekend, is designed to steal passwords and could use hijacked accounts to spread money-making spam campaigns, steal identities, and distribute malware.

The "This you????" messages are accompanied by clickable links that take unsuspecting users to a fake Twitter login page. Users who are tricked into believing they might see a picture or information about themselves may enter their username and password without thinking about the possible consequences.

"Twitter users have been battered with phishing attacks in the last few days, all taking advantage of people's curiosity," said Graham Cluley, senior technology consultant at Sophos. "But if you click on the link and enter your details you could be taking your online identity and handing it over on a plate to hackers. They can then take your username, email address and password and not only use it to spread more attacks via Twitter - they can also try your credentials at many other websites - potentially opening your other online accounts to abuse. Anyone hit by this kind of attack must change their passwords immediately."

"Crime on social networks is on the rise, we saw a 43% rise in the number of people reporting being phished via such sites in the last 12 months, and the way things are looking that figure can only go up," explained Cluley. "As the social networks grow in size and power there will be more and more hackers attracted to commit crimes via them."

More details about the attack can be found on Graham Cluley's blog.