The Latest in IT Security

“Curious Who’s Stalking You?” – Yes, we’ve heard it before

21
Dec
2011

This social media “stalking” thing, to the best of my knowledge, all began on MySpace. We’ve seen them emerge on Twitter, too: our friends at Sophos wrote a so-called “app” that Twitter purportedly released to track a user’s stalker. Only this time, no such app is ever involved.

click to enlarge



We’ve seen the tweet above pointing users to the URL, canbin(dot)ru-a domain created just late last month. Once users click it, they are then directed to twvitter(dot)com/user_login-sessions/?timed_out=1. It’s a phishing page.

click to enlarge



There are two things we can take note from it: (1) the URL, which clearly tries to play tricks with our eyes (much like this one), and (2) the purported Twitter session that has timed out. Naturally, if one is logged onto Twitter and sees the message, they’ll wonder for a second, and then unknowingly key in their user name and password anyway. Perhaps the only “error” we can see in this attack is that the site attempts to access the actual Twitter site the same way a real third-party app or site would to make everything seem legit. However, Twitter requires tokens from such apps and sites. Since we know that this is a bogus page, it doesn’t have a token; thus, it can’t successfully redirect users to their actual accounts as it was supposed to.

click to enlarge

We impore you, Dear Reader, to please exercise caution when clicking links on tweets. Even better: use your better judgment on whether you’d believe a supposedly interesting tweet or not before considering visiting the URL that goes with it. More often than not, scam tweets are designed to sound this way to actually make Internet users click them. Please don’t be fooled.

Just like the “Girl Killed Herself” scam that made rounds within Twitter not so long ago, this, too, will probably go down in history as a classic attack involving two social networking giants. This is not a comforting news. As long as user continue to fall for scams, they will just keep coming.

Jovi Umawing (Thanks to Chris for spotting this)

Leave a reply


Categories

SUNDAY, AUGUST 25, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks