Recently we witnessed a Facebook Worm which infected millions of users worldwide by just asking users to ‘Like’ the message in order to display the content. Now Twitter, which is one of the largest social network, has been warned by security experts about a new phishing attack. Seems like hackers and worm creators are aiming users glued to social networks.
The phishing attack tricks users into exposing their credentials by displaying a fake error message of a wrong username and password. The attack sends a direct message from compromised accounts which reads:
You have to be the first to see these new pictures!! followed by a link….
Upon clicking the link, it reveals a phishing page hosted on various domains which brings up the look-alike Twitter log-in page, displaying an error message of a wrong user name and password. Users are tricked to re-enter the login details making users believe that an automatic authentication is being attempted by the social network to reveal the photos.
Users who input their login information on the page will reveal details to attackers while redirecting the user to the Twitter homepage.
Although this attack is common, users still get misguided. Users are advised to carefully use pages which ask for login details. Only SSL-protected version of Twitter which protects your credentials on unprotected wireless networks should be accessed.
Earlier, Facebook had issued the same warning.