Slashdot Mirror

← Back to Stories (view on slashdot.org)

Do Twitter Phishing Scams Herald the End of Microblogs?

Posted by CmdrTaco on from the sure-why-not dept.

An anonymous reader writes "Twitter's been hit by a big phishing scam. Culture Crash blogger Dan Tynan says this is the end of Twitter's innocence. Will tweets become like email, with two out of every three just worthless spam?"

6 of 301 comments (clear)

  1. Re:Innocence? by hannson · · Score: 3, Informative

    Reported Web Forgery!

    This web site at twitter.access-logins.com has been reported as a web forgery and has been blocked based on your security preferences.

    Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.

    Entering any information on this web page may result in identity theft or other fraud.

    Seems like Firefox already has this under control

  2. Re:Innocence? by hannson · · Score: 2, Informative

    Oh and when I ignore it I get:

    Trend Micro Internet Security has identified this Web page as undesirable.

  3. Twitter spam easy to stop by Jason+Levine · · Score: 5, Informative

    Many people who are replying don't seem to use Twitter or even understand really what is going on with the phishing. Since I use Twitter, I'll explain:

    With Twitter, you set up lists of people that you follow. When you follow someone, you can then see their Twitter messages on your main screen (or in your client application if you use one). Everyone else following that person can see the person's messages. People you follow can also send you Direct Messages. These messages aren't seen by anyone but the sender and recipient. In this respect, it is sort of like e-mail only it requires a "trusted relationship" to have been formed first i.e. No spamming from joe_random@somesite.com to everyone_else@somewhere-else.org.

    What the Phishers are doing are sending DMs from compromised accounts telling the recipients about some blog post that they should check out. The recipients (assuming they fall for the phish), see a page that looks like the Twitter login page (but is really on access-logins.com). They enter their username and password and now the Phishers have another account to send DMs from. Rinse and repeat. I strongly suspect that there's a Phase Two in there that involves more than just collecting Twitter account information but so far they are just collecting accounts.

    Stopping it is easy. If you change your password, they no longer have access. People have been outing people who "sent" them DMs (and thus were compromised). If a person doesn't fix their situation, you could unfollow them. This would mean they could no longer send you Direct Messages. As people stop following compromised people, they will either fix the problem or will dwindle to zero followers. Spam stopped. (If only e-mail spam were so easy to stop.)

    And to address the "Twitter is useless" commentary, yes there are a lot of people on Twitter who post inane things. Then again, there are some good posters. (For example, I follow Greg Grunberg from Heroes and love reading his tweets.) I think you'll find that in any online medium. Blogs are like this, web sites are like this, even comments on Slashdot are like this. Choose a random Slashdot article and browse at -1. You're sure to find many worthless comments for every worthwhile comment. As for Twitter, I tend not to follow the inane Twitter posters, so I don't see those posts in my Twitter-feed. Like any online tool, Twitter is only what you make of it.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  4. Re:Let's hope so by Garridan · · Score: 2, Informative

    What's that you say? There are pornographies which involve tits on the internets? Society has truly reached a new low.

    (tardclue: I don't think you need to "Rule 34" tits)

  5. Ditch IE, be smart, be safe. by Sparr0 · · Score: 2, Informative

    Is this the end of people logging into random web pages that are not the page they asked to visit? Or the end of people using web browsers that will install malware without your authorization just by visiting a web page?

    Clicking a link should never be dangerous.

  6. Re:Innocence? by MadUndergrad · · Score: 3, Informative

    "The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents. We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far. The sciences, each straining in its own direction, have hitherto harmed us little; but some day the piecing together of dissociated knowledge will open up such terrifying vistas of reality, and of our frightful position therein, that we shall either go mad from the revelation or flee from the light into the peace and safety of a new dark age."

    -H. P. Lovecraft

    Credit where credit is due.