Another round of phishing hits Twitter

Share this article:

After last week's phishing attacks on social networking sites, yet another round has struck Twitter.

The latest scam involved messages coming from a site called “TwitterCut,” which were posted to users' Twitter streams and purported to guarantee an increase in the number of their followers. But once the link was clicked, the victims were directed to a site that requested them to login with their Twitter credentials. If they did, the site siphoned their list of existing followers and sent similar messages to all of them, along with links to a paid dating service.

Twitter, in acknowledging the problem, posted a note on its status page Tuesday night that said: “We are currently pushing a password reset on accounts we believe may have been caught in a phishing scam.”

On the TwitterCut website, the site operators denied that they had engaged in any phishing, and announced that they were shutting the site down.

“According to several social network blog sites, TwitterCut has been the bud of several rumors,” a message on the site said. “Our website and its programmers can assure you that these rumors are not true and that TwitterCut is simply a Twitter train that was a work in progress!”

The meta content of the site, however, still contains a claim that says: "Need more followers on Twitter? We can promise you thousands or more followers. Come visit us now!"

US-CERT lists a number of ways to avoid being trapped in phishing scams, including not sending information over the internet before checking a website's security and paying attention to the URL of a website (malicious websites may look identical to legitimate sites, but with a variant URL). Another tip is to install and maintain anti-virus software, firewalls and email filters to reduce phishing traffic.

Last week's round of social networking scams involved FackBook messages to users that appeared to come from their friends, but linked to bogus websites, and scammers who created a fake Twitter login page to harvest user credentials.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in News

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.