Twitter hit with second phishing attack this week

Sophos warns of messages leading to fake Twitter log-in pages that come several days after an attack leading to pharmaceutical spam sent from compromised accounts.

This screenshot shows the message sent in the latest phishing attack to hit Twitter. Sophos

Twitter users were being hit on Wednesday with what seems to be the second phishing attack this week, according to security firm Sophos.

The latest attack features a message that says "This you????" followed by a link that leads to a fake Twitter log-in page, according to a blog post by Sophos' Graham Cluley. If a user provides the log-in credentials, the attackers have control over the user's account and can retweet the phishing message from that account.

Earlier in the week, a phishing attack was spreading via direct messages that were widely distributed because of third-party services such as GroupTweet, according to Sophos. Compromised accounts were then used to send pharmaceutical spam for herbal Viagra.

The Sophos blog entries have videos explaining the attacks. They also warn users not to reuse passwords on different sites. A Twitter phishing attack that steals your log-in credentials compromises your bank and e-mail accounts, if you use the same password on those sites.

A Twitter representative did not respond to an e-mail seeking comment.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Love heavy and clunky tablets?

Said no one ever. CNET brings you the lightest and thinnest tablets on the market.