Twitter Gains Upper Hand on Latest Scam

As hoaxes and scams flourish on the Internet, it has been observed by some experts in social media that it has infected the Twitter community as well. The most recent scam appeared on twittersblogs.com where a phony blog was hosted, which was spotted by Masable tech blog. It seems that there were tweets including links to the site which had the message "omg!! Is it true what they wrote about you in their twit blog?" and which has disseminated throughout the net quickly.

Within the Twitter Deception

Apparently, by clicking onto the link of twittersblog.com, the user will be brought to a webpage that is designed to appear precisely like the log-in page of Twitter - which in fact is really not the Twitter log-in page. Once the user enters his or her username and password on the fake webpage, this information is directed to the hackers. This information will enable the same hackers to log-in to the user's account on Twitter and use it in any way they want to.

At this moment, it is suspected that the fake site primarily uses the compromised accounts to multiply the phishing links in a broader scope, and nothing more. But the real reasons behind this bogus site in not fully comprehensible yet.

Trying Out Twitter

For the time being, Twitter has not yet publicly announced the scam on its official site or status update page. However, upon initial testing on the twittersblogs.com website using a mock-up account, the phishing tweet was not delivered yet.

Further, in Tweet Search, the last tweet to have the original message was sent quite a few hours ago. This indicates that the technical team behind Twitter could have already blocked the efforts of the site. For now, since the spread of the scam has ceased, the links remain strewn across the Twitter community and network. So even if any user clicks on the link and enters information now (even if belatedly), that same user's account may still become compromised, even if there is no re-tweet of the message.

As additional information, if helpful at all, is that the twittersblog.com domain is registered under the name of a 'Matt Smith' of New York City as maintained by domain name service records. The address and phone number of this 'Matt Smith' do not seem legitimate. The web address is now acknowledged as a suspected phishing site by Google Chrome and Firefox.

War against Phishing

This is not the first time that Twitter has encountered phishing attacks of a similar nature. Other sites, like social network sites such as Facebook, have been targets to these phishing expeditions as well.

The upside is that there are ways that you, as a user, can protect yourself from these phishing attacks. As a user, you should be cautious and conscious about where you click. You should also practice extra vigilance and care when providing your password. For instance, if in your browser's address/URL bar it does not indicate 'twitter.com', then most likely you are not on the authentic Twitter page. Manually navigate back to the real 'twitter.com' before even considering revealing any private information. By being prudent and watchful in your surfing activities, you'll most likely be able to protect your information and prevent yourself from being a victim to identity fraud.

Resources:
http://mashable.com/2009/05/30/juste/
http://chris.pirillo.com/phishing-scam-spreading-on-twitter/