Twitter users warned over 'This you?' attack
By Hani Megerisi
Posted on 25 Feb 2010 at 11:32
Twitter users have been warned to be careful of a new phishing scam that has exploded on the micro-blogging site.
Shortened links prefaced with a message asking “This you??” lead users to a fake Twitter login page where users are asked to enter their username and password, which automatically hands the information over to the hackers and spreads the scam through your followers list.
The attack arrives as a direct message, with many people unaware of the dangers of the link as it appears to have arrived from a friend. Other variations of the attack include “lol, this is funny.” and “Lol. this you??”
It harks back to the old days at the turn of the millennium of the original worms
With a substantial number of people using the same password for multiple accounts, and many Twitter users accessing the micro-blogging service by entering their email as identification, the information could effectively be used to access email accounts or other private data.
The Twitter attack “is very much an ongoing trend which we’ll only see continue," said Greg Day, director of security strategy at McAfee Security Labs.
“What’s happening with Twitter is... it's coming from a source you’re not expecting to be dangerous. Something like ‘Is this you?’ is designed to get an impulsive response.”
Similarly, Con Mallon, regional marketing manager at Symantec, said that the ‘this you??’ attack essentially functions “like a worm”.
“It harks back to the old days at the turn of the millennium of the original worms, which went through your Outlook dragging out contacts and emailing them.” He added that “we are seeing the evolution of [these worms]”.
“Obviously, when clicking on links such as these, a lot of security products and indeed browsers have anti-phishing devices which warn you of the link’s danger. This needs to be a wake-up call for this [anti-phishing software] to become more in tune so it can notify people of a potentially dangerous attack,” he said.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
