Phishing Scam Spreading on Twitter

Posted by


A few minutes ago, I received a direct message from one of my twitter followers:

hey! check out this funny blog about you… jannawalitax . blogspot . com

And there’s another one:

Hey, i found a website with your pic on it… LOL check it out here twitterblog . access-logins . com / login

DO NOT VISIT the URL in question. It will redirect you immediately to a suspicious domain: twitter . access-logins . com – notice the subdomain? Worse yet, here’s what you’d see there right now:

Grabup Image

This is NOT the Twitter login page, and it smells completely phishy! Suggestion: do NOT log in to your Twitter account through any site other than Twitter.com. This may go without saying, but consider how many third-party Twitter services you use? Seems it’s about time for some kind of verification / validation for applications using the Twitter API – so you can be sure you’re passing your credentials to the right people. I’m guessing this particular phishing scam is not using the API (but there’s no way for a user to properly verify).

This phishing domain appears to be registered in China, and I’m about to report ‘em to OpenDNS (via PhishTank.com):

Organization : zhang xiaohu
Name : zhang xiaohu
Address : changningzhonghuainanlu192hao
City : changning
Province/State : Hunan
Country : CN
Postal Code : 421500

Please, tell your followers to NOT VISIT or LOGIN THROUGH that site! Watch out for these direct messages. If you did happen to visit one of the offending URLs, you should be safe so long as you didn’t try to log into your Twitter account there.