Phishing Scam Spreading on Twitter

A few minutes ago, I received a direct message from one of my Twitter followers:

hey! check out this funny blog about you… jannawalitax . blogspot . com

And there’s another one:

Hey, i found a website with your pic on it… LOL check it out here twitterblog . access-logins . com / login

DO NOT VISIT the URL in question. It will redirect you immediately to a suspicious domain: twitter . access-logins . com – notice the subdomain? The registered domain is access-logins . com; “twitter” is just a subdomain the phisher set up under it. Worse yet, here’s what you’d see there right now:

[Screenshot: the fake Twitter login page served at the phishing domain]

This is NOT the Twitter login page, and it smells completely phishy! Suggestion: do NOT log in to your Twitter account through any site other than Twitter.com. This may go without saying, but consider how many third-party Twitter services you use. It seems about time for some kind of verification / validation of applications using the Twitter API, so you can be sure you’re passing your credentials to the right people. I’m guessing this particular phishing scam is not using the API (but there’s no way for a user to properly verify that).

This phishing domain appears to be registered in China, and I’m about to report ‘em to OpenDNS (via PhishTank.com):

Organization : zhang xiaohu
Name : zhang xiaohu
Address : changningzhonghuainanlu192hao
City : changning
Province/State : Hunan
Country : CN
Postal Code : 421500

Please, tell your followers to NOT VISIT or LOGIN THROUGH that site! Watch out for these direct messages. If you did happen to visit one of the offending URLs, you should be safe so long as you didn’t try to log into your Twitter account there.
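One way to mechanise the “notice the subdomain?” check above, as an added example that is not part of the original post: it extracts the host from a URL, works out the registrable domain, and flags hosts that carry a brand name only as a subdomain (or inside some other registrable domain). The brand table and the tiny suffix set are constructed stand-ins; a real check would consult the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List: suffixes under which the
# registrable domain is three labels long (e.g. jannawalitax.blogspot.com).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.cn", "blogspot.com"}

# Assumed brand table: brand label -> the registrable domain that owns it.
BRANDS = {"twitter": "twitter.com", "facebook": "facebook.com"}


def registrable_domain(host: str) -> str:
    """Return the registrable domain (eTLD+1) of a hostname.

    'twitter.access-logins.com' -> 'access-logins.com': the 'twitter' label
    is controlled by whoever registered access-logins.com, not by Twitter.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def impersonation_verdict(url: str) -> dict:
    """Classify a URL's host as legitimate, lookalike, unrelated or invalid."""
    host = (urlsplit(url).hostname or "").lower()
    if "." not in host:
        return {"host": host, "registrable": "", "verdict": "invalid", "brand": ""}
    reg = registrable_domain(host)
    # Everything left of the registrable domain is chosen by the registrant.
    prefix = host[: len(host) - len(reg)].rstrip(".")
    for brand, legit in BRANDS.items():
        if reg == legit:
            return {"host": host, "registrable": reg, "verdict": "legitimate", "brand": brand}
    for brand in BRANDS:
        # Brand name as (or inside) a subdomain, or inside a different
        # registrable domain (a hypothetical 'twitter-login.com'), is a lookalike.
        if brand in prefix or brand in reg:
            return {"host": host, "registrable": reg, "verdict": "lookalike", "brand": brand}
    return {"host": host, "registrable": reg, "verdict": "unrelated", "brand": ""}


if __name__ == "__main__":
    # Constructed samples based on the hosts named in the post (dots restored).
    for u in ("http://twitter.access-logins.com/login",
              "http://twitterblog.access-logins.com/login",
              "https://twitter.com/login",
              "http://jannawalitax.blogspot.com/"):
        v = impersonation_verdict(u)
        print(f"{v['verdict']:11} {v['host']}  (registrable: {v['registrable']})")
```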

83 Comments

so, how did you manage to find out that the scam was in china and wouldn’t windows users have some sort of phishing filter???

Thanks for that warning, Chris!

Greets from Germany
Kevin

It’s a bad thing. But what does the API have to do with it?

Yep, I had the same message and reported it to my network: http://twitter.com/karllong/status/1094163038

I think Twitter is in danger of getting crushed by MLM spammers, I wrote this up last month:
http://experiencecurve.com/archives/why-mlm-will-kill-twitter-hint-because-they-have-a-business-model

K

And add these things to http://www.phishtank.com/ so that people (smartly) using OpenDNS can avoid it altogether.

Everyone reading this should visit this site in Firefox, and then click Help > Report Web Forgery. Soon the phishing block list will be updated so unsuspecting users will be warned of the danger.

To me it is facebook so people should watch out for similar facebook scams too I guess. (screen shot as proof http://i43.tinypic.com/23vm3if.png)

yet another reason to use 1Password! :-) Have been using it for over 1 year and am still really happy with it!

Thanks for the warning, and be sure to report em to OpenDNS, also DO NOT VISIT access-logins . com — IT TAKES YOU TO A FAKE FACEBOOK PAGE; YES!! FACEBOOK!

Thank you for the warning Chris!

@SchmotGuy, in this case the phishers use the Twitter API to pass the login credentials along to the real Twitter.com. The user ends up logged on to their legitimate Twitter account, but the phisher/middle-man copies username & password in the process. The victim’s only clue is the fake URL shown in Pirillo’s screenshot (above).

Thanks for the info :)

Best way to avoid these kinds of situations is to not ‘follow’ everyone! It’s just pointless as there is no way you can ‘really follow’ every single one of them. It just causes an information overload and makes this ‘useful service’ not so useful anymore.

If you are not following that person, he shouldn’t be able to send you a DM… Right? So if you follow people carefully, you can actually control how much ‘spam’ you get.

Following everyone is like ..giving away your home address to everyone you meet so that they can send you Junk.

If someone has anything important to say to you, they should be able to send you a Public Msg – e.g. @username hay I need to talk to you.

And then you can probably DM him your Email or just follow him for exchanging DMs.

Thanks so much for alerting us, and for responding to my questions on behalf of friends who clicked on the link.

*blows kisses*

Lots of love to you,

Wendi
XOXOXO

what’s the point of these hackers seriously they need a life…

It now leads to a Facebook mock up. Odd change…

1Password still prevents you from giving your information, and I would suggest that people start using Password Managers to avoid crap like this

I completely agree with the comment by @Hans. I use 1password every day and it will catch things like this if you use the service. It is great for generating and storing your strong passwords and will let you know if you are visiting a site that is not the legit log in site for http://Twitter.com. I would also suggest that users change their default DNS server setting to OpenDNS. OpenDNS will also let you block phishing, and other material that you do not want on your local machine or entire network.

[...] is quickly spreading that there’s a phishing scam spreading on Twitter. Really, spammers? Twitter? Sure, Twitter is awesome and going mainstream but I’d hazard a [...]

You’d have to be a dumbass to click that link, a link to Blogspot, and then not notice you’ve been sent to Twitter. There’s no logical correlation between clicking a blogspot post, one that’s not even shortened even, and going to the Twitter homepage. This isn’t a big deal.

[...] NOT VISIT the URL in question. It will redirect you immediately to a suspicious domain: twitter . access-logins . com – notice the subdomain? Worse yet, here’s what you’d see there [...]

Here’s the question of the day. Who thinks it’s a good idea to log in everywhere with your twitter credentials? This is kind of like facebook connect, no? In this case they’re faking that you’re on the Twitter site, so this does not really apply, but it amazes me how trusting the Twittersphere is.

nmap says it’s doing lots of things

PORT STATE SERVICE VERSION
21/tcp open ftp Muddleftpd
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
25/tcp open smtp Postfix smtpd
53/tcp open domain ISC BIND 9.2.4
80/tcp open http Apache httpd 1.3.33 ((Unix) Resin/2.1.14 mod_throttle/3.1.2)
110/tcp open pop3 Courier pop3d
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
3306/tcp open mysql MySQL (unauthorized)
4444/tcp filtered krb524
OS guesses: Linux 2.6.9 – 2.6.11

@Ray I get that. But why is that Twitter’s fault? It’s a man-in-the-middle attack, nothing in particular about Twitter’s API being the problem per se. This is the downside of an open system. I’d rather have the open system.

[...] Twitter Users: Direct Message Blog Link Tries to Steal Your Password Saturday, January 3, 2009 A dangerous phishing exploit is currently making its way around Twitter, so be careful which links you choose to click. Tech blogger Chris Pirillo describes the exploit in “Phishing Scam Spreading on Twitter”. [...]

just added your story to Nowpublic.com tech and biz section with a link back here. Thanks for the heads up

Thanks for the warning because i’m always the first one to open spam links… I feel safe now !

API has nothing to do with it… Even if it does in fact use the API to do this (how do you know? Is it done via ajax right in the page?), there is NOTHING to stop them from just logging in the same way users do normally and returning information via screen-scraping or putting it in an iframe, etc. The fact is that if you have any sort of public-facing interface to a service it is vulnerable to this type of attack. Banks don’t have a twitter-style API, but they get phishing scams like this targeted at them, too. Inform, report, implement optional white/blacklists, etc., but don’t mistakenly blame the API!

[...] their Twitter account password immediately. For more information of the unfolding shenanigans visit Chris Prillo. You can also follow hash tags #phishing, #DMs, #scam and [...]

Financial Market Help, January 3rd, 2009 at 5:15pm

Hey thanks for the heads up!
I’m trying to spread your message around on tweeter!

I’ve tweeted about this and it also inspired a blog post on my opinions on 3rd party apps and how they should be open source, so everybody wins! :)

Twitter Phishing ~ 1st Tweets Timeline/Chart… http://tweetip.us/lkto7

This is already blocked in Firefox 3, I get a big Attack Site! warning.

Sounds rather like the “fanebook” scam that I encountered last summer. I went to their site knowing all along that it was a fake just to see what was there. I put in all kinds of fake stuff in the fields instead of my real info. Usernames like F***YOU and passwords like eatsh**anddie, you get the idea. It probably didn’t slow them down for a moment, but it was satisfying to stick it to them in a small way.

Thanks for the heads up on this very important topic Chris.

M. LaRonde

Thanks for this timely article, Chris. Love your blog – I read it often. Great work.

STRONG WORK. Thanks for the heads up!

My advice (not only for this situation): do not click anything unless it’s coming from someone you personally know, or better yet, unless you’re expecting a link from someone you personally know. In doubt, double-check with the sender if the link is safe to click. This is only if you know the sender personally.

In the latest instances with Twitter, people are doing precisely the opposite – clicking links sent to them by complete strangers. Easy phishing prey.

Thanks for this. I did get that DM.

Good to know thanks. Just posted this link for my twitter followers to read. Bah, can’t trust anyone in this life…

Thanks for the heads up. The more people watching out for things like this the better.

[...] Chris Pirillo took the time to track down the phishing domain and has reported them to OpenDNS via PhishTank.com.  Not sure what this will do but it’s nice to know Chris is taking action for all of us! [...]

[...] Phishing Scam Spreading on Twitter From Chris Pirillo Saturday, January 3rd, 2009 at 3:15pm [...]

Thank you for posting this…I got a similar sort of a message from a few Facebook friends – is this the same sort of thing?

[...] Chris Pirillo detailed the phishing scam on his blog earlier today… He received this DM from a phishing accout: hey! check out this funny blog about you… jannawalitax . blogspot . com [...]

[...] screen shot captured by Chris Pirillo) Tags: phishing, Security, Twitter, [...]

I went to the link, typed some bogus stuff, and got redirected to my already authenticated twitter account. Feel free to flood them with bogus info, their domain has no access to your cookies.

Yeah, it’s the same thing that has been hitting people on Facebook. It’s 2009, and users will click on anything. Still.

Twitter has lots of spam who still uses it seriously?

I don’t use it anymore – I frequent a Porn forum and some spammers got my twitter information and started pounding me with messages and follow requests asking me to buy some sort of sick twisted products.

[...] get the direct message in question, you’ll get a message like the following, which Chris Pirillo received.hey! check out this funny blog about you… jannawalitax . blogspot . comGo to that URL, and you [...]

It appears that the twitter community defeated the site, now it’s a facebook fishing site, time to spread this on facebook?

[...] Phishing Scam Spreading on Twitter | Chris Pirillo (tags: twitter security phishing) [...]

Thank you for saying this aloud. Recently, i get more tweets from unknown twitter accounts. I wonder if there is any way to filter those out (some of those accounts are already suspended). But at the same time, i do not wish Twitter to become the monitoring dog for every tweet.

This is annoying! Just RT your tweet & http://twitter.com/karllong/status/1094163038 to my followers.

Thank you.
http://twitter.com/kash78

Thanks for this.. seen other twits but no explanation!

I guess even websites are affected due to Twitter …My site bg was changed and I found this:
http://s3.amazonaws.com/twitter_production/profile_background_images/3080822/tweetila.jpg

click just : http://s3.amazonaws.com/twitter_production/ and you find rss feeds? amazon hacks???

I could change main bgs but some pages I updated yet the bg remains!

Is this some promotion gimmick of amazon developer? the url leads to theirs!

Confused me!!!

A different Twitter scam? I have started getting email that (some random computer-generated name) is following me–when I click through to that “person’s” Twitter page they are following not even one Twitter person other than Betsythedevine, e.g. http://twitter.com/gilywu Awww, I feel so special. But wtf is that about?

Thanks for the heads up Chris!

[...] blogger Chris Pirillo reports that the web site is registered in China while the company does acknowledge that a phishing scene is active on the micro-blogging [...]

Thanks for the heads up!
This is nuts, can’t believe people get away with this!

I got one of those DM’s today. Thankfully FireFox 3 warned me that it was a phishing site. Yet another reason to use FireFox!

Chris; thanks for the warning, but it’s unfortunate that the message appears as a DM – a “secured message” so to speak. The link could also be disguised within a tinyurl (or similar) link hiding the destination completely.

I think it’s wise not to type in passwords whenever you’re presented with a login screen; as you’ve shown. Always verify the site you are connecting with – if it looks suspicious close it, if in doubt contact the person that sent you the DM.

I am a victim of the phishing DM’s and they are now using my twitter name. I unfortunately logged-in to the phishing and now they sending out DM’s from ‘me’. I have sent out two messages to my contacts and sent back responses to those that have contacted me NOT LOGIN. I have also changed my password. I just want you to know I’m not doing it!

It’s easy to get caught. I received an email and wasn’t logged into Twitter at the time. It seemed okay to login. I am so, so sorry now.

And now, there’s yet another variant. Twitter’s officially a phishing pool: http://www.bwana.org/2009/01/04/twitter-phishing-exploits-are-here-a-new-variant/

Lol, I went to that website a while ago and when I clicked on the Twitter header there, it led me to the fake Facebook!

Maybe I missed an update on this problem being fixed recently by Twitter… but considering I just got a DM with the phishing URL, I think it hasn’t been taken care of.

All twitter needs to do is to add a line of code on the DM form page that checks for blacklisted words, urls, etc. in the message.

For example, if the message trying to be sent includes “access-logins.com” either:

A. Don’t send the message at all and alert the user that the message contained malicious content.

OR

B. Send the message but strip the string and replace it with “malicious content removed.”

*They can also continue to add blacklisted words and urls to this filter over time.
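A sketch of the outbound DM filter proposed in this comment, as an added example (not Twitter’s code): it pulls URLs out of the message text, matches their hosts against a blocklist including any subdomain of a listed domain, and implements both option A (reject) and option B (redact). The blocklist contents and the sample messages are constructed for illustration.

```python
import re

# Assumed blocklist; access-logins.com is the domain named in the post.
BLOCKED_DOMAINS = {"access-logins.com"}

# Matches bare or http(s) URLs: one or more dotted labels, a TLD, optional path.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

REDACTION = "[malicious content removed]"


def host_of(url: str) -> str:
    """Strip scheme and path, lowercase: 'http://A.B.com/x' -> 'a.b.com'."""
    return re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()


def is_blocked(host: str) -> bool:
    """Whole-label suffix match: twitter.access-logins.com is caught,
    a hypothetical notaccess-logins.com is not."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def filter_dm(message: str, policy: str = "reject") -> dict:
    """Apply the blocklist to an outgoing DM.

    policy='reject': option A, refuse to send and report the hits.
    policy='redact': option B, send with each blocked URL replaced.
    Caveat: a shortened link hides the host, so a real filter would also
    follow redirects before deciding.
    """
    hits = [m.group(0) for m in URL_RE.finditer(message)
            if is_blocked(host_of(m.group(0)))]
    if not hits:
        return {"allowed": True, "message": message, "hits": []}
    if policy == "reject":
        return {"allowed": False, "message": None, "hits": hits}
    if policy == "redact":
        cleaned = message
        for hit in hits:
            cleaned = cleaned.replace(hit, REDACTION)
        return {"allowed": True, "message": cleaned, "hits": hits}
    raise ValueError(f"unknown policy: {policy}")


if __name__ == "__main__":
    # Constructed sample based on the DM quoted in the post (dots restored).
    dm = ("Hey, i found a website with your pic on it. LOL check it out here "
          "http://twitterblog.access-logins.com/login")
    print(filter_dm(dm))
    print(filter_dm(dm, policy="redact"))
    print(filter_dm("Yep, see http://twitter.com/karllong/status/1094163038"))
```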

Just checked out the link, and it appears to mimic facebook now.

I have just received my first spammy Twitter DM from *someone I know*! Apparently, the situation is more complex than I thought. Stay alert, folks!! Refrain from clicking on *any* DM links (even if the message came from a trusted contact/follower). Double-check with the sender first.

[...] Here’s why. (amended to please Steve Garfield) [...]

What do you do if you were drunk on Saturday night and filled in your information?

Exactly why you need a password manager folks. If you get suckered into giving your twitter password away — at least it’s not the same one you use everywhere else too.

http://tinyurl.com/online-vs-offline-pwd-managers

Choose and use a password manager please (and tell your friends to do the same).

[...] Phishing Scam spreading on Twitter – This was the first article I read on the Twitter Phishing this weekend. [...]

[...] the phishing scam via Direct Message, as reported by many including Read Write Web, Mashable, and Chris Pirillo.  The victims include Twitter accounts for Barack Obama, Fox News, Britney Spears, and Rick [...]

[...] know. Chris Brogan posted a warning asking all bloggers to change their passwords, which links to a post from Chris Pirillo that describe a number of rogue direct messages with links to a fake Twitter login [...]

[...] Twitter users were lured into giving away their passwords in a phishing attack. If you receive an email notification that takes you to any site similar to Twitter look at the URL [...]

[...] through a tweet from Chris Brogan I became aware of the following first-hand report, “Phishing Scam Spreading on Twitter” by Chris Pirillo. He writes about the first phishing attempts on [...]

[...] large enough and sufficiently integrated into users’ daily online routine to draw the attention of phishers and hackers, who’ve launched apparently unrelated attacks on the micro-blogging site in the last [...]

I often check out DNS records to see where phishing attacks and spam are coming from. Been doing this for at least 10 years now. China is behind most of it and send phishing emails daily. (I get hundreds per day)

Nothing is ever done to stop them and I doubt authorities here can or will do anything about it because as you know just about every product we use in North America comes from China. (smallwares)

The solutions are really fairly simple but that would mean ICANN would have to take action and we all know that will never happen! These scammers and spammers are all buying their domains from an ICANN approved outfit. You and anyone else can easily trace domains back to a Chinese accredited register of domains. ICANN has had thousands and thousands of complaints about this register but does not act.

This phishing domain appears to be registered in China

looks like the domain has been taken down. Bye bye baby. The amount of phishing websites coming live every day is undoubtedly increasing but my question is that is it really worth it hacking into someone’s twitter account? it’s not like u are hacking into someone’s bank account.
