If you have been active on Twitter today, you have likely noticed or heard about the large number of DMs, or Direct Messages, that people are receiving.
It all started with a number of DMs going out saying “hey look at this funny blog http://rosalierebyb.blogspo…”.
Users who visited the URL were forwarded to a Twitter login page that was not actually from Twitter.
The whole thing was a phishing scheme meant to steal a user's login information and then mass DM all of their followers with the same message seen above.
Word about the phishing scheme spread quickly, and Twitter promptly posted a warning at the top of each page, right under the “what are you doing” box.
The linked website in the message was quickly removed from Blogspot.
After word was spread about the initial phishing messages, the attackers quickly changed the message to say “fixed it.. hehe here is that blog i wanted to show you http://twitterblogs.access-…”
Again, word quickly spread throughout Twitter telling users to avoid visiting the page at http://twitterblogs.access-logins.com/login/ and, if infected, to change their passwords immediately.
Unfortunately, the phishing website was not taken down, and people continued to attempt logging in.
Within the last hour, a mass of DMs has started going out again. This time they link not to the phishing site but to an affiliate offer to win an iPhone.
Here is what the affiliate site looks like:
It would appear that all the phishing attempts were an effort to access enough accounts to send out this iPhone offer.
What are the odds that the affiliate company is going to actually pay the affiliate on this one…
Worse than a typical affiliate offer, the free iPhone site asks for your cell phone number. I expect people who give their information will get billed for $$$ dollars on their cell phone.
If you’ve not been exposed to it yet, you might be surprised at the blackhat business practices involved in getting people to sign up to mobile content and services that they had no intention of purchasing. $9.99 a month and you’ll have a fine time stopping it, a harder time recovering the first $9.99.
Don’t give just anyone your cell number (unless they need to call you, of course).
Hey Brent, I loved that you have brought up this new phishing problem to the public. In the last days I was receiving the very same spam DMs. Luckily, the Firefox browser has already blocked that web site as malware. Additionally, I always report Twitter spam to Twitter HQ and block that Twitter profile from my profile page.