Thanks to Janne Ahlberg for notifying us about an ongoing Twitter spam attack which is sending potential victims to phishing pages via a Tumblr redirect.

Compromised Twitter accounts and/or bots are sending variations of the following message to Twitter users:

You may wanna see this strange rumor about you [Tumblr URL]

Spam attack

We’ve seen some 200+ messages sent in the last ten minutes, and this attack has been ongoing for at least six hours.

Here’s the Tumblr spam blog which is redirecting to the fake Twitter login, and the fake login itself:

Tumblr spamblog

Fake login page

The fake page reads:

“Your current session has ended.

For security purposes your [sic] were forcibly signed out. You need to verify your Twitter account, please relogin.”

In other words, this is very similar to the spam runs seen in both February and March.

Twitter users should avoid signing into Twitter via any of the links being sent around, and always check the URL to ensure they’re entering their credentials in the right place.

Christopher Boyd (Thanks Janne).