Phishing Attack Hits Twitter's Users via Direct Messages

There have been many attacks on social networks, especially identity theft, and the latest is a phishing attack that hits Twitter's users by spreading via direct messages. Unlike the previous Twitter attack, where the Fox News Twitter account tweeted about Obama's death, the purpose of this phishing attack is to steal the victim's Twitter username and password by presenting a copy of Twitter's home page and asking them to log in. When they key in the username and password, the data does not go to Twitter but to a server controlled by the attacker. The phishing page looks like the one below.

Twitter Phishing Attack – How?

[Image: Twitter phishing page]

It might look exactly the same as the actual Twitter login page, but if you look carefully, the URL is not the same. The URL might look almost the same in order to confuse Twitter users, but it will not fool anyone who is careful enough to read it thoroughly.



The reason for this attack is probably similar to that of the phishing attack which hit Tumblr bloggers: many users use the same username and password for not just one account but many. Thus an attacker who obtains the Twitter username and password could also try them as the banking username and password, and has some chance of succeeding.

Phishing attacks can be quite repetitive. For instance, this round reuses part of the previous Friendster and messenger message attacks, in which the victim is asked to check out a photo of themselves that does not really exist. The messages include a link which leads to the phishing Twitter login page. They look like these:

is this you in the video?

is this you in this picture?

check this out… it’s a funny blog post. you’re mentioned in it.

There was a tweet by Del Harvey, the lead of Twitter's Trust and Safety team, who asked users affected by the phishing attack to change their passwords. Remember that you should not create an easy-to-crack password; always create a long, complicated and non-meaningful password. You can refer to the guide on how to create a strong password.

Twitter Phishing Attack – My Verdict

We should always check the URL when a tricky message is sent to us out of the ordinary. That is not to say all such messages are illegitimate; it could really be your friend wanting you to check something out. Commonly, an attacker will add a thin letter like ‘l’ or ‘i’ so that it deceives the user's eye. In Twitter's case, another letter ‘t’ can be added in between the two ‘t’s to create a confusion that is hard to detect.
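The URL check described above can be automated. The following is an added example, not code from the original post: it flags hosts that are within a small edit distance of the real domain, and goes slightly beyond the post by also flagging the brand name embedded in someone else's domain. The function names, the threshold of 2, the "last two labels" approximation of the registered domain and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

LEGIT = "twitter.com"  # the genuine login domain discussed in the post


def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url, legit=LEGIT, max_dist=2):
    """Return 'legitimate', 'lookalike', 'unrelated' or 'unparseable'."""
    # Accept scheme-less input as it often appears in a pasted message.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unparseable"
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    # Assumption: the last two labels approximate the registered domain
    # (a production check would consult the public suffix list).
    base = ".".join(host.split(".")[-2:])
    if 0 < edit_distance(base, legit) <= max_dist:
        return "lookalike"   # e.g. one extra or swapped letter
    if legit.split(".")[0] in host:
        return "lookalike"   # brand name inside an unrelated domain
    return "unrelated"


# Constructed sample URLs, not taken from the incident.
SAMPLES = [
    "https://twitter.com/login",
    "http://twittter.com/login",
    "twitter.com.login.example/session",
    "https://example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):<11} {sample}")
```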

Last but not least, always stay alert to phishing attacks, as this method has proven its effectiveness for many years and is still not outdated. Do follow me on Twitter to get the latest security news.

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.
