IT security and data protection firm Sophos is warning about the
latest wave of cybercrime spreading across Twitter - a phishing
attack designed to steal login details and hijack accounts.
Messages asking "This you????", followed by a link to a bogus
Twitter login page, have caused such a scare on the micro-blogging
network that the phrase is currently a hot trending topic on the
site.
The attack, which is the latest in a storm of phishing attacks
that have occurred on Twitter since the weekend, is designed to
steal passwords and could use hijacked accounts to spread
money-making spam campaigns, steal identities, and distribute
malware.
The "This you????" messages are accompanied by clickable links
which take unsuspecting users to a fake Twitter login page. Users
who are tricked into believing they might see a picture or
information about themselves may enter their username and password
without thinking about the possible consequences.
"Twitter users have been battered with phishing attacks in the
last few days, all taking advantage of people's curiosity," said
Graham Cluley, senior technology consultant at Sophos. "But if you
click on the link and enter your details you could be taking your
online identity and handing it over on a plate to hackers. They can
then take your username, email address and password and not only
use it to spread more attacks via Twitter - they can also try your
credentials at many other websites - potentially opening your other
online accounts to abuse. Anyone hit by this kind of attack must
change their passwords immediately."
"Crime on social networks is on the rise; we saw a 43% rise in
the number of people reporting being phished via such sites in the
last 12 months, and the way things are looking that figure can only
go up," explained Cluley. "As the social networks grow in size and
power there will be more and more hackers attracted to commit
crimes via them."
More details about the attack can be found on
Graham Cluley's blog.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.