(WEB HOST INDUSTRY REVIEW) — A worm associated with a new phishing scam has been making the rounds on microblogging site Twitter (www.twitter.com), spreading through the community via direct messages.
The compromised accounts have been sending direct messages to Twitter users they were likely to know.
The tweet includes a link to an ambiguous video clip, “http://videos.twitter.secure-logins01.com”, preceded by the message, “rofl this you on here?”
Users who click on the link are asked to enter their login credentials on a page that resembles the Twitter login page.
Victims of the scam unknowingly give the hackers access to their microblogging account, and the hackers then use that access to launch another round of phishing attacks.
The phishing attack could be part of a larger plan by criminals to gain access to their victims’ webmail or other sensitive accounts, as many consumers keep the same password for many sites.
Twitter warned users about the worm in a tweet Wednesday afternoon: “A bit o’phishing going on — if you get a weird direct message, don’t click on it and certainly don’t give your login creds!”
Victims have been advised to change their password immediately, and if they cannot, to contact Twitter support.
The microblogging site has experienced similar phishing attacks in the past, where compromised accounts would send direct messages with a link to a “funny picture”.
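
A defensive check for the kind of link quoted in this report, as an added example that is not part of the original article: it compares a link's hostname with the real domain, so a name like videos.twitter.secure-logins01.com, where "twitter" is only a subdomain label under secure-logins01.com, is flagged. The function names, the trusted-domain setting and the sample message layout are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Assumptions of this example: the one domain the brand really uses,
# and the brand string that phishing hosts borrow.
TRUSTED_DOMAIN = "twitter.com"
BRAND = "twitter"

def classify_link(url, trusted=TRUSTED_DOMAIN, brand=BRAND):
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid' for one URL."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:              # e.g. malformed IPv6 brackets
        return "invalid"
    # .hostname drops userinfo and port and lowercases the name
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # Trust is decided by the right-hand labels only: the domain itself
    # or a true subdomain of it.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # The brand appears somewhere in the authority (a left-hand label,
    # a glued-on name, or the userinfo before '@') but the host is foreign.
    if brand in parts.netloc.lower():
        return "lookalike"
    return "unrelated"

def flag_message(text):
    """Return (url, verdict) for every link in a message that is not trusted."""
    urls = re.findall(r"https?://\S+", text)
    verdicts = [(u, classify_link(u)) for u in urls]
    return [(u, v) for u, v in verdicts if v != "trusted"]

if __name__ == "__main__":
    # Constructed direct message using the text and link quoted in the article
    dm = "rofl this you on here? http://videos.twitter.secure-logins01.com"
    for url, verdict in flag_message(dm):
        print(verdict, url)
```
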











