Warning: attackers are trying to hijack your Twitter account

Last night I learned about an attack targeting Twitter users. The attackers have a simple goal: they want to hack your Twitter account.

The first step is a Direct Message (DM) or e-mail coming from one of your followers. Attackers have used messages like these:

  • Hey this person is threatening to expose something really serious and bad about you…(some link)
  • This person is threatening to expose something bad about you…(some link)

This is a nasty trick, especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a person you know and trust, just warn him/her – the account is most likely hijacked and controlled by the attackers.

If you click the link, you will be redirected to a phishing website like this:

Twitter phishing site

Be careful not to enter your username, email address and password on sites like this. Check the address bar carefully: twitller.com – one letter makes a big difference. Make sure you are on twitter.com before logging in. Please read the Twitter Help Center article: Keeping your account secure.

Just in case: below is a screen-shot of the real login page.

Real Twitter login page

What can happen if your account is compromised?

  • Your account may start tweeting spam (recent example: diet spam)
  • Your account will send similar DMs to your followers to lure victims
  • You might lose access to your account in case the attackers change your password
  • Attackers will try to hijack your other accounts such as e-mail, Facebook, Pinterest… They will most likely succeed if you use the same password on all services.
  • Etc.

If your account is hacked, read the Twitter Help Center instructions: My account has been compromised.

Further warnings

This phishing site is not the only one and there will be new ones. I believe that the attackers have similar sites for all popular social media services. Attackers can use all kinds of tricks in order to hijack your account(s), including malware. Be careful with suspicious links and double-check the website address before entering your credentials.

Please spread this message. Too many accounts have been compromised already. You can find many frustrated people tweeting for help on Twitter.

Guys I’m so sorry if you got spam from me! I was hacked. Please disregard any dm’s from me!

@twitter Need some support help. Looks like my account has been hacked. Who can I email?

Update 16-July

Here is the Web Of Trust (WOT) entry about this phishing site, including links to PhishTank.

There seem to be quite a few similar sites: tcwitter.com (blocked), tvvytter.com (offline), twitteril.com (offline), twlilter.com (offline).
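The advice above boils down to comparing the host in the address bar against twitter.com. As an added example (not code from the original post), the Python check below flags hosts that are within two edits of twitter.com after folding look-alike glyph sequences such as vv for w; the confusable map, the distance threshold and the helper names are my assumptions, and the hosts it tests are the ones named in this post.

```python
# Added example: flag typosquatted look-alikes of a legitimate domain.
# Confusables are folded before measuring edit distance, so tvvytter.com
# is recognised as one edit away from twitter.com.
from urllib.parse import urlsplit

# Characters or digraphs that look alike in a browser address bar (assumed list).
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("1", "l"), ("i", "l"), ("0", "o")]


def canonical_host(url_or_host: str) -> str:
    """Extract the host from a URL if needed, lower-case it, drop 'www.'."""
    host = url_or_host.strip().lower()
    if "://" in host:
        host = urlsplit(host).hostname or ""
    return host[4:] if host.startswith("www.") else host


def fold_confusables(host: str) -> str:
    """Map look-alike glyph sequences onto one canonical form."""
    for lookalike, canonical in CONFUSABLES:
        host = host.replace(lookalike, canonical)
    return host


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_verdict(url_or_host: str, legit: str = "twitter.com",
                      max_distance: int = 2) -> str:
    """Return 'legit', 'lookalike' or 'unrelated' for the given host or URL."""
    cand, ref = canonical_host(url_or_host), canonical_host(legit)
    if cand == ref:
        return "legit"
    # Raw hosts differ, so a folded distance of 0 (pure glyph swap) is
    # still a look-alike rather than the real site.
    dist = levenshtein(fold_confusables(cand), fold_confusables(ref))
    return "lookalike" if dist <= max_distance else "unrelated"


if __name__ == "__main__":
    # Hosts named in the post, plus the real site and an unrelated one.
    for host in ["twitter.com", "http://twitller.com/", "tcwitter.com",
                 "tvvytter.com", "twitteril.com", "twlilter.com",
                 "itwitier.com", "google.com"]:
        print(f"{host:22} {lookalike_verdict(host)}")
```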

Blocking update 19-July:

Some phishing links are blocked by the popular browsers.

Unfortunately, only a handful of phishing links are blocked. The site always shows a fake login page with the following format: twitller(.)com//. Blocking individual links is pointless; the whole domain should be blocked or taken down.

Chrome block

Update 25-July: new phishing site spotted

Twitller.com is no longer active. Today I spotted a new phishing site that seems to be a copy of the old one: itwitier.com. The attack scheme is the same: the user receives a DM that contains a link to the phishing site.

itwitier phishing site

The current VirusTotal detection ratio of this site is only 4/39.

Other articles about this topic:

  • Twitter Users Warned of “This Person Is Threatening to Expose You” Phishing Scams – Softpedia
  • Beware of Fraudulent Sites, phishing for Twitter accounts – The Hacker News (THN)
  • Latest phish trawl: Your Twitter friend may not really be your friend – The Register
  • Common phishing scams and how to recognise and avoid them – Comparitech

Please keep spreading this warning