Warning: attackers are trying to hijack your Twitter account
Last night I learned about one attack targeting Twitter users. Attackers have a simple goal: they want to hack your Twitter account.
The first step is a Direct Message (DM) or e-mail coming from one of your followers. Attackers have used messages like these:
- Hey this person is threatening to expose something really serious and bad about you…(some link)
- This person is threatening to expose something bad about you…(some link)
This is a nasty trick especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a person you know and trust, just warn him/her – the account is most likely hijacked and controlled by the attackers.
If you click the link, you will be redirected to a phishing website like this:
Be careful not to enter you username, email address and password to sites like this. Check the address bar carefully: twitller.com – one letter makes a big difference. Make sure you are on twitter.com before logging in. Please read Twitter Help Center article: Keeping your account secure.
Just in case: below is a screen-shot of the real login page.
- Your account may start tweeting spam (recent example: diet spam)
- Your account will send similar DMs to your followers to lure victims
- You might lose access to your account in case the attackers change your password
- Attackers will try to hijack your other accounts such as e-mail, Facebook, Pinterest… They will most likely succeed if you use the same password on all services.
If your account is hacked, read the Twitter Help Center instructions: My account has been compromised.
This phishing site is not the only one and there will be new ones. I believe that the attackers have similar sites for all popular social media services. Attackers can use all kinds of tricks in order to hijack your account(s), including malware. Be careful with suspicious links and double-check the website address before entering your credentials.
Please spread this message. Too many accounts have been compromised already. You can find many frustrated persons tweeting for help on Twitter.
Guys I’m so sorry if you got spam from me! I was hacked. Please disregard any dm’s from me!
@twitter Need some support help. Looks like my account has been hacked. Who can I email?
There seems to be quite many similar sites: tcwitter.com (blocked), tvvytter.com (offline), twitteril.com (offline), twlilter.com (offline).
Blocking update 19-July:
links are blocked by the popular browsers.
Unfortunately only handful of phishing links are blocked. The site always shows a fake login page with the following format: twitller(.)com/<insert 6-7 characters>/. Blocking individual links is pointless. The whole domain should be blocked or taken down.
Update 25-July: new phishing site spotted
Twitller.com is no longer active. Today I spotted a new phishing site that seems to be a copy of the old one: itwitier.com. Attack scheme is the same: user receives a DM that contains a link to the phishing site.
The current Virustotal detection ratio of this site is only 4/39.
Other articles about this topic:
Beware of Fraudulent Sites, phishing for Twitter accounts by The Hacker News (THN)
Please keep spreading this warning