Phishy Direct Messages Link to Fake Twitter Sign-in Page

A wave of spammy direct messages on Twitter contain URLs leading to what appears to be a Twitter login page, but is actually a phishing site trying to pilfer user login credentials.

A wave of spammy direct messages on Twitter contain URLs leading to what appears to be a Twitter login page, but is actually a phishing site trying to pilfer user login credentials.

The ploy from the attackers in this campaign is a familiar one: “hey, someone is spreading nasty rumors about you [insert URLhere].”

Kaspersky Lab expert David Jacoby received two such messages, the second identical to the first in every way except that the someone in question was spreading ‘terrible rumors’ instead of ‘nasty rumors.’

Jacoby believes the two messages come from the same attacker or group of attackers, not only because of the similar wording, but also because both attacks led to fake Twitter logins with similarly constructed domain-names.

If an unwitting user does happen to enter their Twitter username and password they will be briefly redirected to a 404-type error page before they are routed back to the actual Twitter login page.

Jacoby claims that the attackers are likely using the stolen credentials to find more victims.

Similar attackers are targeting users on Facebook, as well. Whether the two campaigns are related remains unknown.

While methodologically similar, in the end, this attack is actually quite different from another direct message attack campaign we reported on in September. The attack from September linked to a site hosting a backdoor trojan while the newer one attempts to skim Twitter username-password combinations outright.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.