Web 2.0: Blog Feed Post

Example of a Twitter Phishing Attack

Looks like there is a lot of Twitter phishing going around right now. I got a strange DM on Saturday, which contained a URL constructed to look like a Facebook page:

The link itself was to a shortened t.co URL, in this case: http://t.co/xXJ3JBr

This redirects to a page being served out by apps.facebook.com. However, it frames a page which is being served out by wow.freshtweets.info (WHOIS info), a domain registered by someone in Miami. A traceroute shows that the content in the frame is served from a server located in Russia. You can see the framing below; it is quite convincing:

Presumably, if you enter your Twitter username and password here, your own Twitter account is used to send these DMs. Clever, but nasty.
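
The framing described above can be checked mechanically: walk the frames under the landing page and flag any password form that is served from a different site than the one shown in the address bar. This is an added example, not part of the original post; the function names, URL paths and HTML markup are constructed, and only the two hostnames come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _Scan(HTMLParser):
    """Collect frame sources and note whether a password input is present."""
    def __init__(self):
        super().__init__()
        self.frames, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("iframe", "frame") and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def site(url):
    # Assumption: the last two DNS labels approximate the registrable domain.
    # Production code should consult the Public Suffix List instead.
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def foreign_credential_frames(landing_url, pages):
    """Return (frame_url, frame_site) for every framed document under
    landing_url that comes from another site and holds a password field.
    `pages` maps URL -> HTML already fetched by the caller."""
    findings, seen, queue = [], set(), [landing_url]
    top = site(landing_url)
    while queue:
        url = queue.pop()
        if url in seen or url not in pages:
            continue
        seen.add(url)
        scan = _Scan()
        scan.feed(pages[url])
        if scan.has_password and site(url) != top:
            findings.append((url, site(url)))
        # Resolve relative frame sources against the framing document.
        queue.extend(urljoin(url, src) for src in scan.frames)
    return findings

# Constructed sample mirroring the layout described in the post.
SAMPLE = {
    "https://apps.facebook.com/example-app/":
        '<html><body><iframe src="http://wow.freshtweets.info/login"></iframe></body></html>',
    "http://wow.freshtweets.info/login":
        '<form><input name="user"><input type="password" name="pw"></form>',
}
```
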

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.