Twitter Still Attracting New Users, Phishers
The most recent example: A new wave of phishing attacks, which are generally–but not always–sent via the service’s “direct message” feature. And which generally–but not always–feature language like “LOL is this you” in the message.
Like most phishing attacks, this one has some telltale signs, if you’re the kind of person who’s inclined to see them. There’s the odd text in the message itself. And the “bzpharma” text that appears in the URL address is a big giveaway.
But! As with many other phishing attacks, if you’re not looking for this stuff or you’re just clicking quickly, it’s easy enough to get duped. The fake Twitter homepage created by the phishers looks real enough, as does the “fail whale” message you get after entering your info.
One easy step you can take to arm yourself against this kind of thing: Follow Twitter’s “Spam Watch” account, which does a decent job of keeping people informed attacks like these. But while that account has 148,368 followers, and tends to get retweeted a lot, the majority of Twitter users still won’t learn about this stuff in advance. Maybe it’s time for Twitter to build some equivalent of the emergency broadcast system.
Meanwhile, if you don’t like reading, the video below from the Sophos security firm (via Mashable) gives you a good idea of what this is all about.