The scope of the most recent phishing attack was unclear Tuesday morning. Bloggers, some of whom have posted photos of their correspondence with Twitter about the scheme, report that fake e-mails and direct messages on Twitter are being passed around to point people to phishing sites.
Online scammers increasingly are targeting social networks since they generally don’t have the same kind of security protections in place as e-mail accounts, said Graham Cluley, a senior technology consultant at Sophos, a security company.
“This is the next generation of attacks, really,” he said.
“If you receive a direct message or a direct message e-mail notification that redirects to what looks like Twitter.com — don’t sign in. Look closely at the URL because it could be a scam,” he said.
One common scam URL, the post notes, looks like this:
http://twitter.access-logins.com/login [Do not visit this link]
If you are directed to that fake site instead of http://twitter.com, Stone says not to enter your password. Look at the address bar in your Web browser to tell for sure.
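The address-bar check described above can be written as code. This is an added example, not part of the original article: it compares the host name in a link against the real site instead of looking for the brand name anywhere in the text. The function names and the `TRUSTED_HOSTS` set are assumptions, and every sample URL except the one quoted above is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only host treated as the real sign-in site.
TRUSTED_HOSTS = {"twitter.com"}


def naive_looks_like_twitter(url: str) -> bool:
    """What a hurried reader does: spot the brand name somewhere in the link."""
    return "twitter" in url.lower()


def is_trusted_login_url(url: str, trusted=TRUSTED_HOSTS) -> bool:
    """True only if the URL's host is a trusted host or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any user@ prefix and the port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    host = host.rstrip(".").lower()
    # The trusted name must be the END of the host, on a label boundary.
    return any(host == t or host.endswith("." + t) for t in trusted)


# Constructed samples, except the second, which is the URL quoted in the article.
SAMPLES = [
    "http://twitter.com/login",
    "http://twitter.access-logins.com/login",  # real domain is access-logins.com
    "http://twitter.com.example.net/login",    # trusted name used as a prefix
    "http://example.net/twitter.com/login",    # trusted name only in the path
    "http://twitter.com@example.net/login",    # host is what follows the '@'
]


def classify(urls=SAMPLES):
    """Return {url: (naive_verdict, strict_verdict)} for side-by-side comparison."""
    return {u: (naive_looks_like_twitter(u), is_trusted_login_url(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, strict) in classify().items():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

The naive check accepts every sample because the word "twitter" appears in each; the host comparison accepts only the first.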
The goal of a phishing scheme is to lure a person into giving away his or her password information, and then to use that information to get sensitive info from a person’s social network, he said.
Social networks allow phishing schemes to spread rapidly, Cluley said, because some people have very large online social networks, and because many people let third-party sites access their Twitter and Facebook accounts to offer additional services.
See Full Article via CNN