The new phishing attack is also spreading rapidly, and this time the victims include some prominent names. Among those who fell victim were the Press Complaints Commission, the BBC correspondent Nick Higham and the Guardian’s head of audio Matt Wells. In the last few hours it has also emerged that Ed Miliband MP, British Secretary for Energy and Climate Change, has had his Twitter account hacked. An invitation to find out about better sex is spreading virally around Twitter, but it leads only to identity theft and malware.
This new phishing attack spreads via messages such as “This you????”, followed by a link to a fake Twitter login page.
Although the phishing attack was widely reported on, and Twitter itself warned about it on its official blog, many users are still falling prey to the attack.
The rule of thumb, as always, is: do not follow suspicious links, and never enter your Twitter credentials unless you are absolutely sure the page is genuine. If you think your Twitter account may have been compromised, change your Twitter password immediately.
Twitter’s status blog last night warned:
“While simply receiving this message does not mean your account is compromised, if you do click through and enter your username and password, you’ll want to change your password. If you’ve received this type of spam from a friend, you may want to alert them to change their password.”
According to The Guardian:
The purpose of the attack, which began early on Thursday morning, is initially to draw people to the sites that hijack the accounts, and possibly install malware able to steal passwords on the user’s computer. Another purpose may be simple identity theft: because people often use the same passwords and usernames on multiple services, getting access to one service can provide access to others too.
But in the longer term, the purpose may be to put the infected sites into search engine results.
Such “phishing attacks” are increasingly common on Twitter, where URL shortening – usually required to make standard URLs fit into the service’s 140-character limit – makes it harder to guard against dangerous links.
URL-shortening services such as bit.ly can block dangerous links, but only after they are alerted to them. The other option is to inspect the link before clicking on it – which the Twitter web page and Tweetdeck, a cross-platform program, do allow.
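The two defences the passage describes, expanding a shortened link to see where it really goes and checking that a Twitter login page is actually served from twitter.com, can be automated. The following is an added example, not code from the article, from Twitter, from bit.ly or from Sophos. The `head` callback, the `short.example` and `phish.example` hostnames and the redirect table are constructed placeholders so the code runs offline; in practice `head` would issue an HTTP HEAD request and return the status code and `Location` header without rendering the page.

```python
"""Inspect a shortened link before clicking it (added example, not the article's code)."""
from urllib.parse import urlparse

# Bound on redirect hops: redirect loops and long chains are a common way of
# hiding a link's real destination from shortener blocklists.
MAX_HOPS = 5

# Hop types that carry a Location header worth following.
REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def expand_shortlink(url, head):
    """Follow redirects from `url` and return every URL visited, in order.

    `head(url)` is a caller-supplied function returning (status, location).
    Raises ValueError if the chain exceeds MAX_HOPS.
    """
    chain = [url]
    for _ in range(MAX_HOPS):
        status, location = head(chain[-1])
        if status not in REDIRECT_STATUSES or not location:
            return chain
        chain.append(location)
    raise ValueError("too many redirects: " + " -> ".join(chain))


def classify_destination(final_url, trusted_hosts=("twitter.com",)):
    """Return a verdict on the page a link finally lands on.

    A login form that mentions a trusted brand but is served from some other
    host is the signature of a credential-phishing page like the one the
    "This you????" messages lead to.
    """
    parsed = urlparse(final_url)
    host = (parsed.hostname or "").lower()
    path_and_query = (parsed.path + "?" + parsed.query).lower()

    # Exact host or a genuine subdomain of it counts as trusted; note that
    # "twitter.com.phish.example" does NOT end with ".twitter.com".
    if any(host == t or host.endswith("." + t) for t in trusted_hosts):
        return "trusted"

    brands = [t.split(".")[0] for t in trusted_hosts]  # e.g. "twitter"
    brand_mentioned = any(b in host or b in path_and_query for b in brands)
    login_form = any(w in path_and_query for w in ("login", "signin", "session"))
    if brand_mentioned and login_form:
        return "lookalike-login"
    if brand_mentioned:
        return "lookalike"
    return "external"


# Constructed redirect table standing in for real HEAD responses (hypothetical hosts).
CONSTRUCTED_HEAD_RESPONSES = {
    "http://short.example/abc": (301, "http://phish.example/twitter/login.php"),
    "http://short.example/def": (301, "https://twitter.com/sophoslabs"),
    "http://short.example/ghi": (302, "http://twitter.com.phish.example/"),
    "http://short.example/loop1": (302, "http://short.example/loop2"),
    "http://short.example/loop2": (302, "http://short.example/loop1"),
}


def constructed_head(url):
    """Offline stand-in for an HTTP HEAD request."""
    return CONSTRUCTED_HEAD_RESPONSES.get(url, (200, None))


def inspect_link(url, head=constructed_head):
    """Expand `url` and classify its final destination: (final_url, verdict)."""
    chain = expand_shortlink(url, head)
    return chain[-1], classify_destination(chain[-1])


if __name__ == "__main__":
    for link in ("http://short.example/abc", "http://short.example/def",
                 "http://short.example/ghi"):
        print(link, "->", inspect_link(link))
    try:
        inspect_link("http://short.example/loop1")
    except ValueError as exc:
        print("blocked:", exc)
```

The verdict is deliberately coarse: "lookalike-login" is the case worth warning a user about, while "external" only means the link leaves the trusted domain and still deserves the ordinary caution the article recommends.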
Graham Cluley of Sophos has posted a video showing how the hack is done to anyone incautious enough to click on the link. The site hosting the attack that Cluley points to is kevanshome.org, which is hosted in China; and the front page of the site is an exact copy of News Corporation’s MySpace – even down to the copyright notice.