Phishing Scams finally hit Twitter!
Ever been Phished on Twitter? Get ready to.
You might receive a message similar to this:
Going to this page causes a redirect to this lovely site: http://twitter.access-logins.com/login/
Wow, that looks like the Twitter login page, however it isn’t Twitter.
Don’t enter your credentials, for you begin to enter into the world of being Phished!
Simply clicking on each of their links results in a broken page as well (That’s not very good phishing!)
Not Found
The requested URL /about was not found on this server.
Even their SignUp link is broken!
Once you enter your credentials you’re passed on to the Twitter.com mainsite and are able to see the basic information you’d see as if you were logging in to twitter.
I created a test account specifically to bring you that information :)
So, beware, and be sure not to visit this site and enter your credentials.
This is REAL Phishing in motion!
FYI: When this operates correctly, it appears to operate in an almost “Worm-like” fashion by infecting one person and then sending the payload “Auto-DM” to everyone that is following the person, so on and so forth while it spreads itself through the interwebs.
I’m still trying to self-infect a test account in order to see it in action, but so far on luck!
Thanks for taking the time and creating the additional Twitter account to figure out what this Phishing scam is about. I RT’d the link to this post.
Sincerely,
Bradley
@OutsideMyBrain
Thanks for the work. I received a dm from a friend and followed it but stopped at the login because it seemed suspect. This seems to be fooling many. I will be interested in finding out the motive if any.
@johnflurry
Firefox seems to be working quite diligently because visited the url pops up the infamous This web site at twitter.access-logins.com has been reported as a web forgery and has been blocked based on your security preferences.. At least for now you know that users who use Firefox (and probably Chrome) won’t have to worry about this tactic.
One major benefit of this scam: I found your blog while googling it! I enjoy your coverage, and I’ll be subscribing :)
@ Jordan: Both Google and OpenDNS blacklisted the website soon after Twitter notified them of the events happening. I guess most users should be somewhat protected against the scam by now, regardless the browser they’re using.
Thanks for another excellent post. Where else could anyone get that kind of information in such a perfect way of writing? I’ve a presentation next week, and I am on the look for such info.
Harishankar Singhania Elastomer and tyre research institute at Hasetri is perfect for characterization of cloth and compound.