Britain all atweet over Twitter phishing attack

A Twitter phishing attack has hit several prominent British Twitter users

The latest phishing attack on Twitter users swept the U.K. overnight, claiming several prominent users.

The result was evident on Friday morning when users woke up to find messages on compromised accounts that read, "hey, i've been having better sex and longer with this here," followed by a link to a Web site selling sexual-performance drugs.

Although the number of people affected is difficult to determine, the attack made top news on the country's TV networks and news sites, perhaps in part because of those affected. They include at least one member of Parliament and several journalists.

Ed Miliband, a British Cabinet member and the country's secretary for energy and climate change, tweeted on Friday morning, "Oh dear it seems like I've fallen victim to twitter's latest 'phishing' scam." The tweet had been removed from his Twitter stream.

Another of those who saw his account hacked was Matt Wells, head of audio at The Guardian newspaper, who tweeted, "Good morning. I am neither female, nor have I been having better sex lately. (Although if there are any offers...). First-time Twitterhacked." The offending tweet was still available on his page at time of writing.

Other reports said BBC correspondent Nick Higham and the country's Press Complaints Commission were also hit.

While some of the accounts are believed to have been hacked by software programs looking for weak passwords, at least some were compromised through Twitter direct messages that tried to entice users to click through to see a message from a young, attractive woman. Upon clicking the link, users were taken to a look-alike Twitter log-in page where they were asked to enter their username and password.

Twitter posted a message to its Twitter Safety channel late Thursday local time warning users to beware of direct messages. "If you get a DM from an enthusiastic lady wanting to converse by IM, please ignore. User is likely compromised & request is spam."

The phishing attack mirrors a similar one a week earlier that saw messages asking "LOL this you?" sent to users.

It's the kind of thing that will persist on social networking services, said Graham Cluley, senior technology consultant at security company Sophos.

"The fact is that social networking accounts have a financial value," he said. "They can be used as a springboard for sending out more spam, malware or selling things."

Users of sites like Twitter and Facebook tend to feel safer there than they do on the wider Internet, but should be every bit as aware, he said. Messages received through the sites don't necessarily come from friends, but could be from anyone with access to the account.

Cluley said social networking services are starting to take phishing more seriously but are well behind Web-based e-mail services like Hotmail and Gmail. While those sites often filter messages and links, social networking sites are only just beginning to do so.

The problem can be worse on Twitter because of the 140-character message limit. It encourages the use of URL-shortening services, which hide the identity of the destination site.

Bit.ly, one of the most popular URL shortening services, recently started working with Sophos to scan links, said Cluley, but some others are yet to offer such a service. Many of the messages from Friday's attack were shortened using Hurl.ws, a service offered by New Zealand's Bluespark.

"Ultimately it's you, the human, that needs to do [the filtering]," Cluley said. "It's up to you to decide to enter your username and password. Fixing that bug in people's brains is an upgrade we are not capable of."
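The look-alike log-in page and the shortened links described above both come down to checking which host a link really points at. The following is an added example, not part of the original article: it assumes `twitter.com` is the only legitimate log-in domain, and the sample links are constructed using reserved example domains.

```python
from urllib.parse import urlsplit

# Assumption: the only domain where a genuine Twitter login form should appear.
TRUSTED_LOGIN_DOMAIN = "twitter.com"
# The two shorteners named in the article; the destination is hidden behind them.
SHORTENER_HOSTS = {"bit.ly", "hurl.ws"}


def classify_link(url):
    """Label a link by the host a browser would really connect to."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # drops userinfo, port, case
    except ValueError:
        return "invalid"
    scheme = parts.scheme.lower()
    if not host or scheme not in ("http", "https"):
        return "invalid"
    if host in SHORTENER_HOSTS:
        return "shortened"  # destination unknown until the redirect is followed
    if host == TRUSTED_LOGIN_DOMAIN or host.endswith("." + TRUSTED_LOGIN_DOMAIN):
        return "trusted" if scheme == "https" else "insecure"
    # The brand name in the userinfo, or as a label under someone else's
    # domain, is how a look-alike URL passes a quick glance.
    if "twitter" in parts.netloc.lower():
        return "lookalike"
    return "other"


def safe_to_enter_password(url):
    """Allowlist rule: credentials go only to the real domain over HTTPS."""
    return classify_link(url) == "trusted"


# Constructed sample links (reserved example domains, not taken from the attack).
SAMPLES = [
    "https://twitter.com/login",
    "http://hurl.ws/abc1",
    "https://twitter.com.example.net/login",
    "https://twitter.com@login.example.net/session",
    "https://TWITTER.COM./login",
    "https://example.org/twitter/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A "shortened" result is not a verdict either way; the same check has to be repeated on the URL the shortener redirects to before any password is typed.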


Tags: twitter, phishing, UK, social engineering


Martyn Williams

IDG News Service