
Phishing scam targets Twitter users

The malware is probably intended to steal login credentials from Twitter users, says Kaspersky Lab's Timothy Armstrong.

Malware is doing the rounds in the Twittersphere in the form of a malicious link contained in a direct message (DM).

The DM says: “Hey what's up with this bad blog that's going around about you?” followed by a link. If Twitter users click on the link, they are taken to a page that mimics the Twitter login page. Once users' login details are entered into this site, their accounts are compromised. The compromised account then sends the same DM to other Twitter accounts that are following it.

Timothy Armstrong, virus researcher, global research and analysis team at Kaspersky Lab, says the page users are directed to is a phishing page. “In this case, it appears that the intention is stealing login credentials from legitimate Twitter users,” he says. He adds that the login credentials are used to further spread the attack, through direct messages to the infected user's followers.

“In fact, this particular attack even redirects users to a fake 'site stability' page to further convince users of the authenticity of the phishing page,” Armstrong adds. “All the links on this page, with the exception of the RSS link, go to their legitimate Twitter counterparts. The RSS link leads to a dead page,” he says.

Armstrong says it is difficult to track these attacks to a source. However, he says they are usually orchestrated by organised cyber-criminals, and they originate from all over the world.

What to do?

According to Armstrong, the best defence against these sorts of attacks is common sense. “Never click on links from friends if they were not requested or look suspicious. If you are concerned, ask the sender about the message through another medium such as e-mail or instant messenger, or even give them a phone call,” he suggests.

AVG says Twitter users who have fallen prey to the scam should take the following steps:

1. The user should change his/her Twitter password.
2. The user should verify that the e-mail address for his/her Twitter account was not changed.
3. If the user used the same e-mail address and password on other Web sites, then he/she must immediately check out of these Web sites and change his/her passwords.
4. If the user's Twitter account is sending out phishing messages, he/she should also visit the Applications tab in 'Account Settings', and Revoke Access for any third-party application that he/she does not recognise.


Copyright (c) 1996 - 2014 ITWeb Limited. All rights reserved.