Recent trending twitter spam leading to phishing attack found, it appears that bots or compromised Twitter accounts are being leveraged to deliver spam text to Twitter users, with a Tumblr link that directs to a phishing location.
The fraudulent tweets captured by the security firm purport to reveal a “strange rumor” about the potential victim, in a Tumblr post.
As soon as the URL is accessed, the user is informed that the Twitter session has been interrupted and that signing into the account again should solve the problem, experts words.
“The campaign was highly active at times, with more than 200 messages being sent in ten minutes, the attack was recorded to be carried out for at least six hours”. says Christopher Boyd from Malwarebytes.
Simply taking a look at the web address the message originates from reveals the fact that behind the apparent friendly request is actually a scam designed to collect Twitter credentials; lack of an encrypted connection is a dead giveaway that something is not right.
So users should be aware and avoid being cheated and directed to phishing sites. As suggested use strong passwords and be safe.