Don’t click any links inside the email.
In their latest attempt to infect computers with malware, cybercrooks have begun spamming out fake Twitter emails asking users to confirm a non-existent Twitter account.
Here is a copy of the phishing email:
From: Twitter ([random-string]@postmaster.twitter.com)
Subject: Confirm your Twitter account, [random name]!
Hi, [random name].
Please confirm your Twitter account by clicking this link:
Please click here.
Once you confirm, you will have full access to Twitter and all future notifications will be sent to this email address.
The Twitter Team
If you received this message in error and did not sign up for a Twitter account, click not my account.
Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us a Twitter Support.
As you can see, the bogus emails look nearly identical to the actual notices sent by Twitter upon creating a new account with one small difference: the link’s anchor text.
In legitimate notices, the confirmation link would read:
However, the confirmation link in the fake messages read:
“Please click here.”
Jovi Umawing, Communications & Research Analyst at GFI Labs warns that all of the links within the email lead users to malicious sites housing the infamous Blackhole exploit pack, which will attempt to exploit vulnerabilities within Adobe Reader and Adobe Flash in order to install malware on the target machine.
Protect Yourself From this Attack
To avoid falling victim to this scam, it is strongly recommended that you:
- Mouseover all email links to check the destination URL before clicking on them.
- Keep your operating system and installed software fully patched and up-to-date.
- Always run antivirus software and keep the virus definitions current.
If you receive the email, you can report it to Twitter using this form.