
Twitter phishing sites are on the loose

Yesterday started my day as usual: a cup of coffee, checking out the weather forecast, quick-reading some newspaper while my laptop downloaded the e-mails. 80% of them were spam. Nice… Quick-delete the junk and a quick peek at TweetDeck.

Hey, 1 DM (that’s a direct message: the private messaging term used by Twitter).

*wondering* I hardly get a DM from anyone, and especially not one claiming that ‘it’s me’. With caution, I traced back the link: unshortened it using Unshorten.com, and what gives, it’s going to some fishy address:

LOL!

Looking at my watch, there’s still some time, okay, using my virtual machine, I opened this funny URL. What do you know, I got the following Twitter login screen, which looks just like the real stuff, except for some subtle details:

Twitter comparison - above: fake site, below: the real deal

See it? No? Let me point them out:

  • The spacing between the ‘call-out’ triangle right above ‘Sign in to Twitter’ and the Twitter logo is different
  • The white box surrounding ‘Login’ & ‘Join Twitter’ is smaller on the fake site.
  • First and foremost: the addresses are totally different.
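The two checks the post does by hand, unshortening the link and then looking at the address bar, can be automated on the receiving side. The following is an added example (not the author’s code, and not Unshorten.com’s): it follows a redirect chain without rendering any page and then asks whether the landing host is twitter.com or a real subdomain of it. Lookalike hosts that merely contain “twitter.com” somewhere (as a prefix, in the path, or as fake userinfo before an @) are rejected. The shortener, tracker and phishing hostnames in `FAKE_REDIRECTS` are constructed placeholders so the example runs offline; `head_location` is the live variant for real links.

```python
"""Resolve a shortened link and check where it really lands (added example)."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Constructed redirect chain standing in for a URL shortener, a tracker and a
# phishing page. These hostnames are placeholders, not real sites.
FAKE_REDIRECTS = {
    "http://short.example/abc": "http://track.example/r?id=42",
    "http://track.example/r?id=42": "http://twitter.com.login-page.example/signin",
}


def lookup_constructed(url):
    """Offline fetcher: the Location a HEAD request would return, or None at the end."""
    return FAKE_REDIRECTS.get(url)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise on 3xx instead of silently following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_location(url, timeout=5):
    """Live fetcher: issue one HEAD request and return its absolute Location, or None."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            loc = resp.headers.get("Location")  # None for a final 2xx page
    except urllib.error.HTTPError as err:
        loc = err.headers.get("Location")
    return urljoin(url, loc) if loc else None


def resolve_redirects(url, fetch_location, max_hops=10):
    """Follow redirects hop by hop; return (final_url, list_of_urls_visited)."""
    seen = [url]
    for _ in range(max_hops):
        nxt = fetch_location(url)
        if nxt is None:
            return url, seen
        if nxt in seen:
            raise ValueError("redirect loop: %s" % nxt)
        seen.append(nxt)
        url = nxt
    raise ValueError("more than %d redirects" % max_hops)


def host_of(url):
    """Normalised hostname; .hostname drops userinfo ('twitter.com@evil') and the port."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_expected_host(url, expected="twitter.com"):
    """True only if the host is `expected` itself or a genuine subdomain of it."""
    host = host_of(url)
    return host == expected or host.endswith("." + expected)


def classify_link(url, fetch_location=lookup_constructed, expected="twitter.com"):
    """Resolve the link and report where it landed and whether that is the real site."""
    final_url, visited = resolve_redirects(url, fetch_location)
    return {
        "final_url": final_url,
        "hops": len(visited) - 1,
        "legit": is_expected_host(final_url, expected),
    }


if __name__ == "__main__":
    print(classify_link("http://short.example/abc"))
```

Swap `lookup_constructed` for `head_location` to check a real shortened link; HEAD requests fetch no page body, so nothing from the landing site is rendered on your machine.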

By the way, Firefox did give me a warning that this site is reported as a forgery. For the sake of you guys, I bypassed that warning :P .

For those of you still using old browsers with full-fledged vulnerabilities like Internet Explorer 6… I BEG YOU, upgrade!

How is it even possible?

The site:

Easy peasy: download the login page, make some modifications to how the login information is passed, and you’re in business!

The direct message:

Well, this one is somewhat trickier. You need the username & password in order to log in to the real Twitter site as the person you are impersonating.

Well, as the usage of Web 2.0 sites and services goes sky high, chances are that you are using the same username and password all over the place: MSN Messenger, Yahoo Messenger, Facebook, Myspace, Yammer, Twitter, YouTube, GMail, Google Pages… and whatnot. And that’s like a goldmine for identity theft.

The impersonator practically needs just one login from any of those services to get into your (Twitter) account.

And how on earth is he/she able to do that? Well, planting some backdoor trojan, via another phishing site, a keylogger sent as an attachment, and so on, you name it!

Round-up:

  • Try to use modern browsers: Firefox, Opera, Safari (and if you insist and must: IE8)
  • Stay alert and suspicious: don’t just blindly open links and/or attachments, even if they’re from your own family.
  • Use different username & password combinations that are hard to guess but easy for you to remember
  • Change them regularly

Cheers!


2 Responses to “Twitter phishing sites are on the loose”

  1. [...] Twitter phishing sites are on the loose – marcellinosantoso.com [...]

  2. Michiel says:

    Hey Marcel,

    Wow, didn’t know about the twitter phishing! Very nice article you wrote there!

    See you around!
    Michiel
