Twitter Phishing Scams Spread Through Direct Messages

"I'll Be Back", the famous words of Arnold Schwarzenegger in "The Terminator" movie, is more of a common nomenclature of recent Twitter attacks, they keep coming back.

New Twitter attacks are underway through direct messages sent via the popular social network. Reports are circulating of Twitter tweets that lead to a fake Twitter site or video web page to spread malware. An example of the Tweet is similar to figure 1 below.

Figure 1. - Malicious Twitter tweet with a link to a fake video web page. [source: PCMag]

Twitter has had a long drawn-out history of attacks from cybercrooks hacking into administrators' accounts, to malicious worms spread via messages on Twitter. Now it is direct messages sent from users that a person follows on Twitter.

Some of the direct messages found to include malicious links read similar to the subjects below.

• "lol this is funny"
• "you're on this vid"
• "haha this is funny"
• "i make $300 a day online with…"

Although the words above may be enticing to read in a direct message from someone that you follow, it could redirect you to a phishing site created by hackers for the purpose of spreading malicious software that could compromise your system. You must remember that direct messages are copied to your email as well as the Twitter account. If the message includes a link, you could very well receive it on your email account and accidentally click on it.

Twitter users should be cautious of any direct message received from another Twitter user, especially if it has a link, even if it is from a "friend" because their Twitter account could be compromised. It is also a good idea to change your password if you feel that your Twitter account is under attack or you notice suspicious activity.