Twitter has become one of the prime targets for phishing and spam attacks, due both to its huge growth in user numbers and to the ease with which messages can spread (partly due to the inherent weakness of short URLs).
The latest example is the BZPharma ‘LOL this is funny’ attack, as detailed by security firm Sophos. Messages include ‘Lol. this is me??’, ‘lol , this is funny’ and ‘Lol. this you??’, and carry a link that looks like ‘http://example.com/?rid=http://twitter.verify.bzpharma.net/login’, with the example.com element varying between a number of addresses.
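The link shape described above (an outer address whose query parameter carries a second URL with a hostname that merely contains "twitter") can be flagged mechanically before anyone clicks it. The following Python is an added example, not code from the original post or from Sophos; it assumes that only hosts under twitter.com are legitimate, and the sample links it checks are constructed for the example (the first one mirrors the pattern quoted above).

```python
# Added example: classify links the way a defender would, looking for a
# second URL smuggled in a query parameter and for look-alike hostnames.
from urllib.parse import urlsplit, parse_qs

# Assumption for this example: the real service lives only under these domains.
LEGIT_DOMAINS = ("twitter.com",)
# Brand strings whose presence in a hostname that is NOT legitimate is suspicious.
BRAND_TOKENS = ("twitter",)


def host_is_legit(host: str) -> bool:
    """True if `host` is exactly a legitimate domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def embedded_urls(url: str):
    """Yield every absolute URL carried as a query-parameter value of `url`."""
    parts = urlsplit(url)
    for values in parse_qs(parts.query, keep_blank_values=True).values():
        for value in values:
            if value.lower().startswith(("http://", "https://")):
                yield value


def classify(url: str) -> str:
    """
    Return one of:
      'suspicious' - the outer host or an embedded host contains a brand
                     token but is not under a legitimate domain;
      'redirect'   - the link carries an embedded URL (open-redirect shape)
                     but no look-alike host was found;
      'ok'         - nothing notable.
    """
    outer_host = (urlsplit(url).hostname or "").lower()
    inner_hosts = [(urlsplit(u).hostname or "").lower() for u in embedded_urls(url)]
    for host in [outer_host] + inner_hosts:
        if any(tok in host for tok in BRAND_TOKENS) and not host_is_legit(host):
            return "suspicious"
    if inner_hosts:
        return "redirect"
    return "ok"


# Constructed sample links, not taken from real messages.
SAMPLE_LINKS = [
    "http://example.com/?rid=http://twitter.verify.bzpharma.net/login",
    "https://twitter.com/login",
    "https://api.twitter.com/oauth",
    "http://example.com/?next=https://twitter.com/home",
    "http://twitter.com.evil.example/login",
]


def report(links=SAMPLE_LINKS) -> dict:
    """Map each link to its classification; handy for a quick triage pass."""
    return {link: classify(link) for link in links}


if __name__ == "__main__":
    for link, verdict in report().items():
        print(f"{verdict:10s} {link}")
```

The check is deliberately conservative: a brand token inside a hostname that is not under the real domain is enough to flag the link, which catches both the nested-URL pattern and a direct link to a look-alike host, while a plain redirect to the genuine site is reported separately rather than silently passed.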
There’s a handy YouTube video with details of the problem. Links are appearing both in private Direct Messages and in public feeds – plus some third-party services allow DMs to be made public, spreading the phishing attack more widely.
Click on the dodgy link and you’ll go to a fake Twitter login page, which shows the Fail Whale when you attempt to log in and then redirects you to the real Twitter page so you believe your account hasn’t been hit. The same technique is also being used to phish Bebo accounts.
And after the first wave of attacks compromised accounts, there’s now a wave of spam selling herbal viagra, with messages including “Get bigger and have sex longer. go here”.
So besides double-checking you’re on the real Twitter site before logging in, keep an eye on your sent messages for any clue that your account has been compromised, and watch out for messages sent by even trusted friends.
You can also take a look at the full Sophos update on the attack.