Tuesday, January 6, 2009

Catching a Twitter Phish

For the uninitiated, phishing is putting up a site that looks just like the one that you would normally visit everyday, and collecting your username and password as you enter it on the phishing site.

Recently Twitter has attracted a new phishing scam. When you click a link and get directed to what looks like the Twitter site, and enter your username and password, the phishing site uses your identity to post links on Twitter. The idea behind the phishing scam is that people are more likely to open links that they get from their friends than from complete strangers, and the phishing site gets paid for directing traffic. Twitter is an easy target because it converts URLs with TinyURL.com so you can't see the actual URL till you click on it.

The URL of the Twitter phishing site is http://twitter.access-logins.com/login/ while the actual URL of the Twitter site is http://www.twitter.com

No comments: