“Did you see this pic of you?” Phishing Scam Stealing Twitter Logins

There’s a new phishing scam circulating on Twitter and judging by the amount of phishy DMs we’re receiving, a lot of folks are falling for it.

Tsk, tsk, people. Have we not learned anything from past phishing attacks?

How the Scam Works

Similar to previous scams, it all starts with an intriguing direct message:

Did you see this pic of you? lol [SHORT LINK]

The embedded short link leads to a phishing page that would make anyone believe it were a legitimate Twitter page asking us to verify our account password – IF we never bothered to look at the URL in our browser’s web address bar:

Twitter Phishing Scam: Verify Your Password

Of course, any information entered into the above form would be sent off to the scammer and the victim would be questioning what just happened after being redirected to a (fake) 404 page:

Twitter Phishing Scam: Redirects to Fake 404 Page

After a few seconds, you’ll be redirected to the real Twitter website:

Twitter Phishing Scam: Redirects to Twitter

At some point the attackers will hijack your Twitter account to spam your followers with the same DM that tricked you in hopes of expanding their list of victims.

Don’t Fall for This Scam!

Now that you know how this phishing scam works, here are a few ways you can protect yourself in the future:

  • Do not follow short links without expanding them first. You can use a free service like longurl.org to check the true destination before following a link.
  • Be cautious of links that go to a page asking you to log in. You were logged in just a second ago, so why do you suddenly need to log in again?
  • Always check the URL in your browser’s web address bar before entering any sensitive information. Scammers can fake the look and feel of a website, but the URL does not lie.
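The two checks above (expand the short link first, then look at the host the browser would actually connect to) as an added Python example; this is not code from the original post. The redirect chain and the lookalike hostname are constructed for the example, and `head()` stands in for an HTTP HEAD request that returns only the Location header.

```python
from urllib.parse import urlsplit, urljoin

# Hosts where the real Twitter login page lives (assumption for this example).
LEGIT_HOSTS = {"twitter.com", "www.twitter.com"}


def host_is_legit(url: str, legit_hosts=LEGIT_HOSTS) -> bool:
    """Return True only if the host the browser would connect to is legitimate.

    urlsplit() isolates that host, so 'twitter.com' appearing in the path,
    the query, the userinfo part, or as a prefix of a longer hostname does
    not count.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    return parts.hostname.lower() in legit_hosts


def expand_short_link(url: str, head, max_hops: int = 10) -> str:
    """Follow redirects without loading any page body.

    head(url) must return the Location header of a redirect response, or
    None when the response is final. Stops on loops and after max_hops.
    """
    seen = set()
    for _ in range(max_hops):
        if url in seen:
            break
        seen.add(url)
        location = head(url)
        if not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return url


# Constructed redirect map standing in for a shortener and a lookalike page.
FAKE_REDIRECTS = {
    "http://short.example/abc": "http://twitter.com.verify-login.example/",
    "http://twitter.com.verify-login.example/": None,
}


def check_dm_link(url: str) -> tuple:
    """Expand the link from a DM and report (final URL, is the host legit)."""
    final = expand_short_link(url, FAKE_REDIRECTS.get)
    return final, host_is_legit(final)
```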

What to Do with Twitter Phishing Scam DMs

If you happen to receive one of these phishing messages, it is recommended that you:

  • Avoid clicking on any embedded links.
  • Report the DM to Twitter.
  • Let the sender know that their account has been compromised and advise them to change their Twitter password.
  • Delete the DM immediately.
  • Warn your fellow Twitter users!

Have you seen this scam yet?

  • http://pogue972.blogspot.com/ pogue972

    People who are infected with this exploit and sending out these phishing URLs via DM should be directed to the Twitter help page here to fix their compromised account: https://support.twitter.com/articles/31796

    I recommend reporting the phishing URLs included in the DM to Phishtank at http://www.phishtank.com/ where they will be reviewed and passed on to most major sites and cause the URL to be blocked by most modern browsers and some antivirus vendors.

  • https://twitter.com/brenthoare brent hoare

    This may be more sinister. I got one of these, I did not click the link, certainly did not enter any information on any dodgy page, yet my followers have been spammed with a DM “did you see this pic of you” – any idea how this could happen?

    • Marquisa Kirkland

      Have you previously fallen for a Twitter phishing scam? You may want to change your account password and review the list of apps that have access to your account.

  • http://www.highposition.com/ Chris Ainsworth

    I had this scam in my Direct Messages inbox today so it’s definitely still going round.

    • Marquisa Kirkland

      Yes, a lot of users are falling for this scam. :(

      Warn your friends not to fall for it!

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108