Thanks to Janne Ahlberg for notifying us about an ongoing Twitter spam attack which is sending potential victims to phishing pages via a Tumblr redirect.
Compromised Twitter accounts and/or bots are sending variations of the following message to Twitter users:
“You may wanna see this strange rumor about you [Tumblr URL]”
We’ve seen some 200+ messages sent in the last ten minutes, and this attack has been ongoing for at least six hours.
Here’s the Tumblr spam blog which is redirecting to the fake Twitter login, and the fake login itself:
The fake page reads:
“Your current session has ended.
For security purposes your [sic] were forcibly signed out. You need to verify your Twitter account, please relogin.”
In other words, this is very similar to the spam runs seen in both February and March.
Twitter users should avoid signing into Twitter via any of the links being sent around, and always check the URL to ensure they’re entering their credentials in the right place.
Christopher Boyd (Thanks Janne).
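The URL check recommended above can be made mechanical. The following is an added example, not code from the original post: the function name `check_login_url` and the sample URLs are constructed, and it assumes genuine Twitter logins are served only over HTTPS from twitter.com and its subdomains.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: only twitter.com and its subdomains host the real login form.
TRUSTED_DOMAIN = "twitter.com"

def check_login_url(url):
    """Return (verdict, reason) for a page that asks for Twitter credentials."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("reject", "malformed URL")
    if not host:
        return ("reject", "no host in URL")
    try:
        # A login form served from a bare IP address is never the real site.
        ipaddress.ip_address(host)
        return ("reject", "host is a raw IP address")
    except ValueError:
        pass  # not an IP literal, continue with the name checks
    if parts.scheme != "https":
        return ("reject", "not HTTPS")
    if "@" in parts.netloc:
        # "https://twitter.com@other.host/" shows the brand but goes elsewhere.
        return ("reject", "userinfo placed before the real host")
    # Exact match or a true subdomain; "twitter.com.example.net" must not pass.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return ("accept", "host is on " + TRUSTED_DOMAIN)
    return ("reject", "host is not on " + TRUSTED_DOMAIN)

# Constructed sample URLs (documentation address ranges and example domains).
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session/new",
    "http://203.0.113.7/login",
    "https://twitter.com.example.net/login",
    "https://twitter.com@example.net/login",
    "https://constructed-blog.tumblr.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = check_login_url(sample)
        print(f"{verdict:6}  {sample}  ({reason})")
```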
Thanks, I got one of these but my security software did protect me from going to Tumblr.
What happens if you click on “Forgot password?”
All it comes down to is check your URLs, but this should be very obvious as the URL is an IP address.
I’ve seen something similar happen on Facebook.
Instead it said: Is this you in the video? (link)
My friend got hacked and sent that message out. I almost clicked it because the link had the word Mew in it and some bullies at school recorded me getting upset and said they’d post it online. But then I decided that it was probably a hack because something told me there was something suspicious about it. So I asked some of our mutual friends and they said he sent the same thing to them as well. Later, the friend confirmed he was hacked.