Twitter users hit hard by "LOL" phishing attack

Posted by William McBorrough, MSIA, CISSP, CISA, CRISC, CEH | News | Monday 22 February 2010 3:12 pm

IT security and data protection firm Sophos is warning that a major attack against Twitter users this weekend was designed to steal passwords and use hijacked accounts to spread money-making campaigns.

The attack, which is ongoing, began on Saturday, as Twitter users found that fellow members of the micro-blogging network had posted messages that were disguised as humorous links but were actually aimed at phishing password credentials from unsuspecting users.

Messages, which began with phrases such as “Lol. this is me??”, “lol , this is funny.”, “Lol. this you??” and “ha ha, u look funny on here”, were accompanied by clickable links which redirected users to a fake Twitter login page hosted on a website based in China called BZPharma.net.

Unless the hacked Twitter users change their passwords, the intruders can continue to spread spam and other attacks from their hijacked accounts.

Source: www.sophos.com/pressoffice/news/articles/2010/02/twitter-phishing-attack.html

About: William McBorrough, MSIA, CISSP, CISA, CRISC, CEH:
William J McBorrough is a Security Expert with many years of success managing, designing, and implementing medium and large enterprise Physical and Information Technology Security Solutions. His experience spans the spectrum from small e-commerce start-ups to multi-campus state and federal agencies to global financial sector organizations. He is on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College, where he conducts research and teaches graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information security and assurance. He holds a Bachelors of Science in Computing Engineering with a concentration in digital networks and a Masters of Science in Information Security and Assurance. He is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Information System Control (CRISC), and Certified Ethical Hacker (CEH). He is well versed in personnel, systems and network security management. His core competencies include developing cost-effective solutions to enable mission assurance in the following areas: Enterprise Management, IT Governance, Security Organization Development, Information Security and Assurance.
Website: http://www.linkedin.com/in/mcborrough