There is a new phishing attack which has hit Twitter and I thought it would be important bit of news for our readers who are on Twitter. The attack spreads through a tweet with the text message “This You????” followed by a link. Clicking on the link spreads the phishing attack and makes your account details vulnerable.
How it works?
- In your Twitter time-line you will receive a tweet with the text message “This You???” followed by a link.
- You might think of it as a harmless link and click on it.
- It pulls up the log-in page for Twitter. Most people do not look up at the address bar if the page is Twitter or some other URL.
- Person entering the account credentials is actually sending it to someone else. Once done with that it can end up sending a tweet using your credentials and hence spread further.
- Ideally for a open and public forum like Twitter you should have a user-name and password different from your other more protected websites like Facebook, Gmail etc. Short URL’s do pose a threat as there is no way of knowing where they might lead you to. You can read on how to check where a short URL might lead you to by clicking here.
In case you feel you are subject to such a attack best way to curb it is to change your password. That can stop it from using your account for spreading the phishing attack on Twitter. Have you faced such instances of phishing attacks on Twitter? Do let us know through your comments.
Here is a demo video created by Sophos.