Neither. Or both. It depends on whether you think it is authentic or fake.
Twitter users are facing yet another attack, this time a phishing threat. A spamming operation previously flooded users of the social networking and micro-blogging site with follower notifications that led to spammy and bogus profiles.
Cyber criminals are now exploiting Twitter’s Direct Messages function, telling users that pictures of them were seen on another website, with the link provided in the same message. A variation of this baiting technique informs users that the same website offers a free popular mobile phone.
Figure 1. Sample Twitter update feed with an unsolicited update
The link provided in the messages has the domain twitterblog(dot)access, which appears to be somehow related to Twitter itself. Interestingly, clicking on the link redirects users to a bogus Facebook login page, one that looks convincingly like the original.
Figure 2. Embedded spam link leads to this page (above)
Any login credentials provided are logged and stolen. To hide the theft, phishers designed the page to give the appearance of processing the submitted information. After the form is submitted, the page displays an error message and then loads the legitimate Facebook site, as if nothing happened.
Facebook credentials were also the object of a phishing attack back in September. Other Facebook-related Web threats include:
- Facebook Picture Joke Connives with Email Harvester
- ‘Bad Blog’ Can Give Facebook Users More Than a Bad Name
- Facebook Mystery Friend? No, Malware.
The Trend Micro Smart Protection Network already blocks the phishing site, protecting users from information theft. Users are strongly cautioned against logging into sites they are redirected to from spammed links. Checking the browser address bar for the proper URL also helps verify that the site is genuine. Any URL inconsistency should be treated as an immediate warning of fraud.
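The address-bar check recommended above, written out as code. This is an added example, not part of the original post: the allowlist, the function names and every sample URL other than the twitterblog(dot)access domain are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the defender maintains the legitimate login domains for each brand.
TRUSTED = {"twitter": {"twitter.com"}, "facebook": {"facebook.com"}}

def host_of(url):
    """Return the lowercase hostname the browser would actually connect to."""
    # Undo common defanging, e.g. 'twitterblog(dot)access' or 'hxxp://'.
    url = url.strip().replace("(dot)", ".").replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    if "://" not in url:
        url = "http://" + url
    # .hostname drops userinfo and port, so 'http://facebook.com@other.test/'
    # resolves to 'other.test', not 'facebook.com'.
    return (urlsplit(url).hostname or "").rstrip(".")

def is_trusted(host, brand):
    """True only for the brand's own domain or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED[brand])

def classify(url, page_brand=None):
    """page_brand: brand whose login form the landing page displays, if known."""
    host = host_of(url)
    reasons = []
    for brand in TRUSTED:
        # A brand name inside an unrelated host is the lookalike pattern.
        if brand in host and not is_trusted(host, brand):
            reasons.append(f"'{host}' contains '{brand}' but is not a {brand} domain")
    # A login form for one brand served from another host is the phishing pattern.
    if page_brand and not is_trusted(host, page_brand):
        reasons.append(f"{page_brand} login form served from '{host}'")
    return ("suspicious" if reasons else "ok", reasons)

if __name__ == "__main__":
    # Constructed samples; only the twitterblog(dot)access domain is from the post.
    samples = [
        ("twitterblog(dot)access/login", "facebook"),
        ("https://www.facebook.com/login.php", "facebook"),
        ("https://facebook.com.login.test/", "facebook"),
        ("http://twitter.com@twitterblog(dot)access/", None),
    ]
    for url, brand in samples:
        print(url, "->", classify(url, brand))
```

The substring match on brand names is a deliberately simple heuristic; it catches the lookalike domain in this post but not misspellings or homoglyphs.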
Earlier today, in an unrelated but equally troublesome attack, a hacker seems to have found their way to the Twitter accounts of some thirty-plus personalities (including Fox News, President-Elect Barack Obama, CNN’s Rick Sanchez, and Britney Spears). This security breach forced Twitter to lock down the accounts and investigate the issue. Considering cybercriminals’ propensity to ‘go where the money is,’ micro-blogging has indeed hit mainstream.