Blog Archive

Monday, 25 October 2010

Twitter phish aims for the big players

Over the weekend we saw a link being pinged around in various chatrooms, which was directing users to a “mobile” version of Twitter. The page was a phish located on a free webhost:

fake mobile twitter page
Click to Enlarge

What particularly caught my eye was when I dug around on Twitter itself for the URL. Check out these posts from 2009:

phishing for logins

We have a Twitter account with “Facebook” in the name (a dirty big clue that something isn’t right here), sending out links to a “lighter version of Facebook”…which takes you to the fake Twitter page.

I’m sure it made sense to the creator at the time, but anyway. This was a clear attempt to grab some high profile accounts and use them for shenanigans:

Sapp

Warren Sapp, retired American Football player.

Sudol

Alison Sudol, singer / songwriter with a rather large follow count.

Wentz

Pete Wentz from the band Fall Out Boy, with an even bigger collection of followers.

It doesn’t look like any of them ever sent out spam, infection or phish links so hopefully they didn’t take the bait – there could have been a bit of a Fall Out (oh ho ho) from that eventuality. The phish URL had quite a bit of action going on:

fake logins galore

Fake Facebook and Twitter pages, along with a stolen password page for each. Luckily neither password dump appeared to have any valid accounts in them – everything we saw was either random garbage or humorous and entertaining messages left for the phisher, usually with a record number of swearwords thrown in for good measure.

Of course, we’ve reported all of the above and while the rogue Twitter account is still live (though probably not for long), the URL it happens to be pointing to looks like this:

404

Click to Enlarge

“The site in question was violating our ToS and was removed”.

No kidding.

Christopher Boyd

No comments:

Post a Comment