So I Googled your name and found.. a Twitter phishing attack!
by Graham Cluley on October 24, 2011
Filed Under: Social networks, Spam

Sometimes they claim to have found a funny picture of you, say that you look like you've lost weight, or that there's a horrible blog going around about you.

Whatever the nature of the disguise used by phishing attacks on Twitter, the modus operandi is always the same. Scammers will send you a message, possibly from the compromised account of one of your Twitter followers, and use a social engineering lure to trick you into clicking on the link.

And that link will, inevitably, lead to a fake Twitter login page - designed to grab your username and password, which can then be used to send out more spam, or to break into your other online accounts.

Here's the latest attack, which arrives in the form of a Direct Message (DM) from one of your Twitter pals, claiming that they have searched for you on Google and found some "really funny stuff" about you.

[Image: Twitter phishing attack via Direct Message]

   so i googled your name and found some really funny stuff about you lol its archived here [LINK]

Would you click on the link? Well, if you were tempted to do so your web browser would end up on a fake Twitter page just waiting for you to enter your username and password.

[Image: Fake Twitter login page]

And if you do enter your details, you've been phished. Ouch.

Hopefully, you're not one of the many people who use the same password on multiple websites - otherwise cybercriminals might not just be able to send spam from your Twitter account, they may also have just been handed the skeleton keys for other parts of your online existence. That could mean that scammers can now steal your personal information for financial gain.

[Image: Password chart]

If you found your Twitter account was one of those sending out the phishing messages, you shouldn't just change your password and consider if you are using the same password elsewhere. It's also a sensible time to look again at how you choose your passwords.

For instance, it's important that you don't use a word from the dictionary as your password. It's easy to understand why computer users pick dictionary words as they're much easier to remember, but as I explain in this video a good trick is to pick a sentence and just use the first letter of every word to make up your password.

[Video: http://www.youtube.com/embed/VYzguTdOmmU?version=3&rel=0&fs=1&showsearch=0&showinfo=1&iv_load_policy=1&wmode=transparent]

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Password security is becoming more important than ever.
Make sure that you're taking the issue seriously, or suffer the consequences.

There's some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in "Account Settings", and revoke access for any third-party application that you don't recognise.

Follow me on Twitter if you want to keep up-to-speed with the latest threats, and learn how to protect yourself.

Hat-tip: Thanks to our friends at @TweetSmarter for bringing this latest scam to our attention.

Tags: phishing, Spam, Twitter

One Response to So I Googled your name and found.. a Twitter phishing attack!

   1. Violet says:
      October 27, 2011 at 2:21 pm
      I really appreciated the advice on choosing and disguising a password. Thanks!

About the author

   Graham Cluley is senior technology consultant at Sophos. The readers of
   Computer Weekly voted him security blogger of the year in 2009 and
   2010, and he pipped Stephen Fry to the title of "Twitter user of the
   year" too. Which was nice. He was also named "Best Security Blogger" by
   the readers of SC Magazine in 2011. You can subscribe to Graham's
   updates on Facebook, follow him on Twitter and circle him on Google
   Plus for regular updates.

     * © 1997-2012 Sophos Ltd. All rights reserved