Haha the Look on Your Face in This Pix is Priceless – Twitter Phishing Attack
By Joel Fernandes on August 28th, 2011

Twitter users are being hit by a new phishing attack in which affected users send DMs to their friends containing links to a fake website that looks exactly like the Twitter login page.

If you receive a direct message on Twitter that says, “haha the look on your face in this pix is priceless! [LINK]”, DO NOT click on it. Clicking on the link will take you to a fake Twitter login page, where you will be asked to re-enter your username and password.

Twitter Phishing Attack

After clicking the link, notice the URL in the address bar of your browser. If a user provides the log-in credentials, the credentials will be sent to the attackers, after which they will have full control over the user’s account and can retweet the phishing message from that account.

There are a dozen scams and phishing attacks that occur on Facebook and Twitter every day. We constantly report attacks like this to help users stay cautious about them. Recently, another fake message that was spreading on Twitter stated “Pics of Osama Bin Laden Are Finally Released”.

I suggest you avoid clicking on the link and alert your followers about the attack. If you have accidentally clicked on the link and entered your login details, then change the password of your Twitter and all other accounts immediately. Also, contact your followers to avoid the message and ask them to change their account password as well.

To learn how you can avoid falling victim to a phishing scam and keep your Twitter account secure, please read Twitter’s official guide to Keeping Your Account Secure. Here are some tips that will help you protect your Twitter account:

  • Use a strong password.
  • Watch out for suspicious links, and always make sure you’re on Twitter.com before you enter your login information.
  • Use HTTPS for improved security.
  • Don’t give your username and password out to untrusted third-parties, especially those promising to get you followers or make you money.
  • Make sure your computer and operating system are up-to-date with the most recent patches, upgrades, and anti-virus software.
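
The “make sure you’re on Twitter.com” and “use HTTPS” tips, written out as a check. This is an added example, not part of the original post or of Twitter’s guide; the function name, verdict strings and sample URLs are constructed for illustration, and it assumes twitter.com and its subdomains are the only hosts that should ever receive the password. It shows why spotting “twitter.com” somewhere in the address is not enough: only the host the browser actually connects to counts.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain allowed to receive the password.
TRUSTED_DOMAIN = "twitter.com"

# Constructed sample addresses (reserved .example names), not taken from the attack.
SAMPLE_URLS = [
    "https://twitter.com/login",
    "http://twitter.com/login",
    "http://twitter.com.login-check.example/sessions",
    "https://twitter.com@login-check.example/",
    "https://tvvitter.example/login",
]


def check_login_url(url):
    """Return (verdict, reason) for the address of a page asking for Twitter credentials."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, and lower-cases the host.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("untrusted", "URL does not parse")
    if not host:
        return ("untrusted", "no host in URL")
    if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        # Explain the two common ways the trusted name is shown without being the host.
        if parts.username and TRUSTED_DOMAIN in parts.username.lower():
            return ("untrusted", "twitter.com appears before '@', real host is " + host)
        if TRUSTED_DOMAIN in host:
            return ("untrusted", "twitter.com is only a substring of the host " + host)
        return ("untrusted", "host is " + host)
    if parts.scheme != "https":
        return ("insecure", "right host, but not HTTPS")
    return ("trusted", "host is " + host)


if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        verdict, reason = check_login_url(sample)
        print(f"{verdict:10} {sample}  ({reason})")
```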

Sophos’ Graham Cluley explains a simple way of creating a complex hard-to-guess password – and how you should never use the same password on different sensitive websites.

Please feel free to retweet this post so that your friends and followers will be aware of the issue.

Author: Joel Fernandes
Joel Fernandes is a tech enthusiast and a social media blogger. During his leisure time, he enjoys taking photographs, and photography is one of his most loved hobbies. You can find some of his photos on Flickr. He does a little web coding, and maintains a tech blog of his own, Techo Latte. Joel is currently pursuing his Masters in Computer Application from Bangalore, India. You can get in touch with him on Twitter at @joelfernandes, or visit his Facebook Profile for more information.

Joel Fernandes has written and can be contacted at joel@techie-buzz.com.
  • Febuzaz

    Just want to say the url shown on the picture is deleted.

  • http://seascapewebdesign.com Katy

    Thank you for writing this article and helping to educate users to the harmful phishing attacks that are happening on Twitter. I wrote a blog post describing my experience and how easy it is to get enticed when someone you know sends you a link about a photo of you.
    http://seascapewebdesign.com/blog/do-not-click-link-haha-look-your-face-pix-priceless
    For more Twitter tips, follow me on Twitter @seascapeweb

  • arquicano

    Thanks for the info, but … Is this the only damage?

    • http://www.seascapewebdesign.com Katy

      The tweet pictured above was sent by a malicious hacker who took over my Twitter account. I apologize for this happening and I will be more careful in the future. Attacks like these can happen to anyone.
      I have secured my Twitter account and the problem has been resolved.

  • http://www.seascapewebdesign.com Katy

    Thank you for posting this article. It’s very informative. I followed the steps in this article and changed my password to a more secure one and also turned on HTTPS for my account. For details of my experience being the target of a Twitter phishing attack, see this article: http://bit.ly/nelK7B
    Katy :-)
    http://www.seascapewebdesign.com
    twitter.com/seascapeweb

  • http://hiredgunscreative.com Reed Botwright

    In defense of the victimized Twitter account used as demonstration above, I received no less than 6 spammy DM’s from people I follow within the last two weeks. Especially with all of this cross-service, OAuth-ing of external apps and other places that are asking for your Twitter username and password, it’s no wonder this sort of worm is spreading.

    And the damage could have as easily been to steal people’s credit card or banking information, or even their identities. Luckily Twitter is pretty thin, and unless you are DM-ing your banking and CC information around, you aren’t likely to be putting anything too privileged on Twitter (except maybe some candid photos).

  • http://www.syamntec.com Ryan

    The number one way to secure your Twitter account is to enable SSL. While Twitter’s log-in has always been SSL-encrypted, earlier this year they made it an option to use SSL for your entire session, and this is your first line of defense. This also helps thwart newer attacks, such as Firesheep. At Symantec, we also encourage using two-factor authentication whenever possible. This way, even if someone is able to sniff out your username and password, they still won’t have access to your account without the second form of authentication.

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites.