A new phishing attack is circulating tonight, distributed through Twitter direct messages. If you receive a direct message like the one below, delete it immediately and do not click the link.

The direct message will include the following text and link:
hey! check out this funny blog about you… jannawalitax.blogspot.com
As a measure of courtesy, you might want to inform the user who sent it to you that they’ve fallen victim. You can send them a reply or a direct message, whichever one you feel is more effective.
Protect Yourself
The link leads to a site that looks very much like Twitter, but it is not: it is a third-party site (twitter.access-logins.com) that exists only to capture your password so the attack can spread further from your account.
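The lookalike works because the hostname starts with "twitter" while its registrable domain is access-logins.com, not twitter.com. The checker below is an added example (not code from the original post or from Twitter) that pulls links out of DM text and flags a hostname that merely contains the brand name; the trusted-domain set and the two-label domain rule are assumptions, and the sample DMs are constructed from the messages quoted on this page.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain the user should ever hand Twitter credentials to.
TRUSTED = {"twitter.com"}

# DMs often carry bare hostnames with no scheme, so match both forms.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.IGNORECASE)


def registrable_domain(host):
    """Return the last two labels, e.g. 'access-logins.com'.
    Assumption: no multi-label public suffixes (co.uk); a real
    checker would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def hostname(url):
    """Extract the host from a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname or ""


def looks_like_brand_but_isnt(host, brand="twitter"):
    """True when the brand name appears in the host but the
    registrable domain is not one we trust: the twitter.access-logins.com pattern."""
    return brand in host.lower() and registrable_domain(host) not in TRUSTED


def check_dm(text):
    """Return (url, verdict) for every link found in a direct message."""
    findings = []
    for url in URL_RE.findall(text):
        host = hostname(url)
        if registrable_domain(host) in TRUSTED:
            verdict = "trusted"
        elif looks_like_brand_but_isnt(host):
            verdict = "lookalike"  # brand in a subdomain of a foreign domain
        else:
            verdict = "external"   # not Twitter at all; treat like a link in email
        findings.append((url, verdict))
    return findings


if __name__ == "__main__":
    # Constructed samples based on the DM texts quoted on this page.
    for dm in ("hey! check out this funny blog about you… jannawalitax.blogspot.com",
               "LOL check it out here twitterblog.access-logins.com",
               "log in at http://twitter.com/login"):
        print(check_dm(dm))
```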

Treat direct messages with the same suspicion you apply to email. As always, we advise caution whenever you are asked for your Twitter credentials. If it looks suspicious, it probably is.
Oops! I clicked on the link, now what?!
If you did log in at the phishing site, change your password immediately. Without a valid password, there’s nothing the phishers can do on your behalf. Unfortunately, there’s not much else you can do right now. If we hear about an official point of contact, we’ll list it here.
Twitter’s On It
Biz Stone tweeted earlier that the operations team at Twitter is working on the issue, so expect to see a resolution fairly quickly. There’s also a post on the issue on the Twitter Status blog. We just wanted everyone to be aware of the issue before it affects you. We, and many others, have sent out warnings through Twitter – please do your part and retweet or redistribute the link to this article.
Update: It looks like the phishers are also hitting Facebook, as pointed out by @jamescarr (via @hillabean). Beware of anything linking to access-logins.com. Rob also pointed out that Firefox is reporting anything at that domain as a web forgery.
Update 2: Twitter has a great post on their blog about what phishing is and what you can do to avoid phishing scams.

A user sent me a "blocked by Google" image, so Google at least won't even let users hit it, which is good.
I am very disappointed in Twitter's warning. It leaves a whole lot to be desired. I love Twitter so much I practically live on it and am making an app for it myself, but as a former user experience manager who managed the documentation dept. and had her fingers in the customer support pie, to say "look closely at the URL to see if it’s not really Twitter but a sketchy phishing site like twitter.access-logins.com." is simply NOT going to cut it. Right now, there are facts and fallacies spreading like wildfire around Twitter, and constant updates and new information ought to be at this link http://status.twitter.com/post/68196572/dont-share-your-secret-info and continuously be updated until the issue is resolved and no more users are being DM'd!
I'm concerned there is a bigger story here, and that this was pretty well planned out in advance. Some of my followers that have some insight into the api and security issues believe this could have been the master plan of someone who had already collected some id/pw's in the past. People are feeling secure if they didn't click the link or give out id/pw (to THIS site) but how many Twitter-related sites HAVE they given them to? And what if one of those people is responsible for this now? That is speculation, but something that is very much on my mind. The domain in question has been in existence since 12/16... will it be shut down? http://whois.domaintools.com/access-logins.com
A follower who freely admitted she had fallen for the fake link had lost followers, and had to go back in and find and follow them. I had never unfollowed her, and yet when I went to send her a message, noticed she was unfollowed. What does this mean??? I never gave my info to the fake link, today, but I HAVE given it to numerous twitter-related apps up to this point.
The phisher is still active!!!! Now twitter.access-logins.com goes to what I PRESUME is a fake Facebook page, and the latest message (that is a scam) to go out is this: Hey, i found a website with your pic on it... LOL check it out here twitterblog.access-logins.com does also.
I have received 3 of the suspect DMs. Two proposed to link me to a site with a funny picture of me and the first had a funny mention of me at a blog.
The last is from a new follower. There's no web site but there were about 30 or more messages in their Twitter stream. I would guess they are legit.
The other two are from people that I am sure are legit Twitterers. One is new but had a dynamic web site that is now down. Whether this is due to the phishing or not I do not know. It was up this morning.
The other is well known on Twitter with many thousands of followers. At #phishing there are reports of other Twitterers whose IDs are now being used.
People continue to Twitter away. I've been contacting people who have not been online tonight to warn them, but this needs to make it to a larger news source so the warning will be well known.
Judy Rey Wasserman
My question is, who has the authority to shut the domain name? or to blacklist his IP address? or whatever else can be done to stop him from doing what he is doing? I know Firefox is now blocking the domain based on web reports of suspicious activity, but beyond that I'm not sure that anything can be done by the average user.
The main lesson out of all of this is that people need to be more careful online. Though there are plenty of respectable, trustworthy sites to use and pass credentials to, there are others that aren't. Out on the web being suspicious of sites like this has been drilled into our heads (think back to phishy emails from eBay or PayPal asking for your credit card information), but for some reason people aren't thinking the same way about Twitter.
The fact of the matter is that issues like this will always exist and they'll continue to happen as Twitter grows in popularity. In response to this however, Twitter ought to implement a more secure way to access these third party resources rather than directly submitting your username and password. Places like Friendfeed and other services have developed ways to do this, but for some reason Twitter has been a laggard on this front.
Thank you for this excellent article. I will tweet it to spread the word.

Thanks for giving more information on this pesky problem of one of my favorite social media sites. I had about a half dozen DMs with the same message. Rather than unfollow the unsuspecting follower, or click on the link, I just sent them an @ msg so that they could change their password and/or take any other precautions rather than lose all their followers. This post helps people to understand what happened.