Saturday, February 20, 2010

Twitter phishing attack in progress — how to block it

If you receive a direct message on Twitter that says, “lol, is this you,” don’t click it. The link will allow a Twitter phisher to take over your account.
The phishing messages look like this:
“Lol. this you?? http://ping.fm/OEDGY”

Warnings of the attack began circulating on Twitter in the U.S. on Saturday afternoon. “The attack appears to be utilizing the SmartName domain parking service, which allows redirects to third-party sites,” said Jesse Stay, founder of the SocialToo Twitter enhancement service. “The DMs appear in the form of a legit URL, followed by something to the effect of ?rid=http://ping.fm/BKEM7 in the URL. Those URLs redirect to the latter URL, which is a phished site that looks like the Twitter login page.”
Stay was happy to point out that SocialToo’s automatic spam filtering for Twitter direct messages blocks the attack automatically for his customers. As of 6pm Central time in Stay’s native Salt Lake City, he said SocialToo had blocked more than 600 of the messages. “To enable the Phishing protection on SocialToo,” he wrote, “users have to either enable the DM E-mails in their preferences (these replace Twitter’s DM E-mails and will be a premium feature in the future), or create at least one DM Filter in their preferences.”
“These numbers are still going up as we speak,” Stay added, “so Twitter has still not put an end to the problem.”
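A minimal direct-message filter for the link pattern Stay describes, as an added example (not SocialToo's code and not part of the original article): it flags shortened links and links whose query string carries a second URL on a different host. The host `parked-domain.example`, the shortener list and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts treated as link shorteners; ping.fm is the one named in the article.
SHORTENER_HOSTS = {"ping.fm"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample messages; parked-domain.example is a placeholder host.
SAMPLE_DMS = [
    "Lol. this you?? http://ping.fm/OEDGY",
    "lol, is this you http://parked-domain.example/?rid=http://ping.fm/BKEM7",
    "Lunch at noon? http://example.com/menu?page=2",
]


def split_url(url):
    """Return (scheme, host, query) with scheme and host lower-cased; empty strings if malformed."""
    try:
        parts = urlsplit(url)
        return parts.scheme.lower(), (parts.hostname or "").lower(), parts.query
    except ValueError:
        return "", "", ""


def embedded_redirects(url):
    """Find query values that are themselves absolute URLs on a different host."""
    _, outer_host, query = split_url(url)
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        scheme, target_host, _ = split_url(value)
        if scheme in ("http", "https") and target_host and target_host != outer_host:
            hits.append((name, value))
    return hits


def classify_dm(text):
    """Return the reasons a direct message matches the lure (empty list means no finding)."""
    reasons = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,!?)")
        host = split_url(url)[1]
        if host in SHORTENER_HOSTS:
            reasons.append(f"shortened link: {url}")
        for name, target in embedded_redirects(url):
            reasons.append(f"redirect parameter '{name}' on {host} points to {target}")
    return reasons


if __name__ == "__main__":
    for dm in SAMPLE_DMS:
        print(dm, "->", classify_dm(dm) or "no finding")
```

A shortener hit on its own is a weak signal; the redirect-parameter finding is the one tied to the `?rid=` pattern quoted above, and it also fires when the embedded URL is percent-encoded.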