Phishers target Twitter
Posted on | January 5, 2009 | 1 comment

Phishers unleashed a concerted attack on Twitter users this past weekend, once more underscoring how cyber criminals invariably transfer their tried-and-true scams to any Web-based service that attains mass popularity.
A variation on email phishing, the Twitter campaign involved the mass sending of direct Twitter messages that purported to come from friends and directed the recipient to click through to a website with funny pictures or with free offers like this one, which used the iPhone as bait.
“Having hacked into some Twitter accounts it appears that the criminals then used the Twitter identities of their victims to pass on the message to even more Twitter users,” says Graham Cluley, Sophos Senior Technology Consultant.
In addition to harvesting valuable personal data to sell in criminal markets, these phishers apparently are on the lookout for any celebrity logons they can snare as trophies. CNET is reporting that CNN anchor Rick Sanchez, a Twitter-aholic, fell for the ruse.
CNET reports that Sanchez’s Twitter account displayed the hacked message “i am high on crack right now might not be coming into work today.” Other celebrity Twitter users hacked and mocked: Bill O’Reilly and Britney Spears.
Comments
It turns out that Britney Spears, Rick Sanchez et al. did nothing wrong and weren’t phished for their account details.
Instead they were the innocent victims of a security problem at Twitter, where one of their staff had chosen a dictionary word as her password, and so hackers were able to brute-force their way in.
Using a dictionary word is never a good idea, as explained in an “amusing” video here:
http://www.sophos.com/blogs/gc/g/2009/01/14/breaking-twitter-accounts-dictionary-password-attack/
Comment by Graham Cluley, Sophos — 1/22/2009 @ 10:56 am