Twitter Email Spam Phishing Attack
The following image shows one of the offending emails, as received by a colleague.
It appears to be a direct message from Lucy Holmes, who is suggesting she can’t stop laughing because the facial expression she’s seen in a photo of you is priceless.
Obviously the idea is to trick you into wanting to see said photo. So if you click on the link in the email, you end up at a web page that looks like this:
Yes, you’re being asked to log on to your Twitter account. But of course you’re not actually on the Twitter web site; you’re on a scam one, itwitier.com. If you provide your account details by logging on here, the bad guys will have them, and with them complete access to your Twitter account.
It gets worse. There’s every chance the bad guys will try to use these account details on other important accounts. So if you’ve been naughty and used the same details on multiple accounts like Facebook, Twitter, LinkedIn etc., then they all could be compromised.
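A mail filter or a cautious reader can catch a link like this by comparing its domain with the real one before anyone logs on. The following Python is an added example, not part of the original post: it flags domains that sit within a couple of character edits of twitter.com or that bury the real name inside another domain. The function names, the two-edit threshold and every sample link apart from the itwitier.com domain are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = {"twitter.com"}   # the one real domain this page is about
MAX_DISTANCE = 2            # assumed threshold, tune for your own mail

# Constructed sample links; only the itwitier.com domain is from the page.
SAMPLE_LINKS = [
    "http://itwitier.com/login",
    "https://mobile.twitter.com/session",
    "https://twitter.com.example.net/login",
    "https://example.org/",
]


def registrable_domain(host):
    """Last two labels of a host name.

    Simplification: use the Public Suffix List for suffixes like co.uk.
    """
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unrelated' for one link."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # Real name buried in someone else's domain, or a near miss.
        if good in host or edit_distance(domain, good) <= MAX_DISTANCE:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):10} {link}")
```
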
What to do if you fell victim to this scam:
- Change your Twitter password.
- Verify that the email address for your Twitter account was not changed.
- If you’ve used the same e-mail address and password on other web sites, then immediately check them out and change their passwords.
Thanks to Saurabh Madan for bringing this to our attention.