I recently came across a forged Twitter website which is currently active and may cause severe damage to your online identity and privacy. This kind of attack is run for information or identity theft, and not only your personal data but also your corporate affiliation is at stake. It is similar to any conventional phishing attack, but this time the lure is not just an e-mail: it is a direct message coming from a Twitter user you already follow, so you can't simply dismiss it as spam, because it arrives from your own peers.
The perpetrator sends out legitimate-looking e-mails or direct messages from your friend's Twitter account that take you to a forged web page built to collect your account information and credentials. There is nothing new in this scam; people are aware of similar threats and many have had sour experiences with them, but sometimes even the geeks get trapped by this kind of trick. Checking the address bar every time you land on another web page feels tedious, but it is essential: before you type a password, confirm that the hostname in the address bar really is the site you think it is, and make that a habit.
Don't click on every link coming your way, and don't type your Twitter password into any third-party Twitter application's own page; a genuine Twitter application will never ask for it. As a best practice you should always authorize third-party applications through the OAuth mechanism Twitter has recently adopted, which sends you to twitter.com to approve the application and never reveals your password to it. Read more about Twitter OAuth at http://apiwiki.twitter.com/OAuth-FAQ
In my case, I got a Twitter message from a user @sapinfo that I have been following for quite some time, and I do believe that any message coming from this user might be of interest to me. I clicked the link and, "Holy cow", the link forwarded me to a phishing site, http://videos.blogs.dsfasdc.com/. It was a fake Twitter home page asking me to sign in again. The best I could do was to spam their database with an automated dictionary script, just to mislead the hackers. The number of corporate users on Twitter is far higher than on any other social media network, and that is why the perpetrators are now focusing on Twitter for phishing attacks to gain inside access.
Following is how it works:
- You get a direct message on Twitter from a user you follow (maybe even your boss)
- On clicking the link, you are forwarded to a web page that looks like the Twitter home page (the fake one)
- You are asked to log in, and most people do as asked
- Your username and password are stored in the attacker's database, and you are then redirected to some other web page
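The advice above about checking the address bar, and the flow just described, both come down to one question: does the link in the DM really lead to the site whose login page it imitates? Below is an added example, not code from the original post, that automates that check in Python: it pulls links out of a direct message and classifies each by its real hostname, which also exposes the "twitter.com.evil.example" subdomain trick and the "twitter.com@evil.example" userinfo trick. The trusted-host and shortener lists are assumptions made for the example; the sample DMs are constructed, apart from the two hostnames quoted on this page.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only hosts you should ever type your
# Twitter password into. Maintain your own allowlist in practice.
TRUSTED_HOSTS = {"twitter.com", "www.twitter.com"}

# Assumption: a few URL shorteners. A shortener hides the real destination,
# so a login prompt reached through one deserves extra suspicion.
SHORTENER_HOSTS = {"tr.im", "bit.ly", "tinyurl.com"}

# Crude but adequate extractor for http(s) links inside free text.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def host_of(url):
    """Return the real, lowercased hostname of url, or None if it is not an
    http(s) URL.  urlsplit().hostname drops the userinfo part, so
    'http://twitter.com@evil.example/' correctly yields 'evil.example'."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname


def classify(url):
    """Classify a link as 'trusted', 'shortener', 'lookalike', 'other'
    or 'unparseable'.  A 'lookalike' is a host that is not trusted but
    contains the brand name, e.g. twitter.com.evil.example."""
    host = host_of(url)
    if host is None:
        return "unparseable"
    if host in TRUSTED_HOSTS:
        return "trusted"
    if host in SHORTENER_HOSTS:
        return "shortener"
    if "twitter" in host:
        return "lookalike"
    return "other"


def scan_dm(text):
    """Return [(url, verdict)] for every link found in a direct message.
    Trailing punctuation that the regex swallowed is stripped first."""
    results = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:!?)'\"")
        results.append((url, classify(url)))
    return results


if __name__ == "__main__":
    # Constructed sample DMs; the tr.im and dsfasdc.com hosts are the ones
    # quoted in the post, the others are made up for illustration.
    samples = [
        "haha. This you???? http://tr.im/PyJC",
        "check this out http://videos.blogs.dsfasdc.com/",
        "login here http://twitter.com.evil.example/login",
        "looks fine? http://twitter.com@evil.example/",
        "see https://twitter.com/login",
    ]
    for dm in samples:
        for url, verdict in scan_dm(dm):
            print(f"{verdict:11} {url}")
```

The verdict of "other" for the dsfasdc.com page is the whole point: a page that shows the Twitter logo but is served from a hostname that is not twitter.com is not Twitter, however convincing it looks. A "shortener" verdict is not proof of phishing, but it means the destination is unknown until you follow it, so treat any login prompt that appears afterwards with the same suspicion.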
Generally the hackers never change your password, since a changed password would tip you off, whereas a working account can be exploited quietly in several ways. They log in to your account, send the same lure to your contacts, and keep stealing passwords. All of this can be automated with a simple PHP script; it is not a big deal for any programmer.
I think thousands (if not millions) of Twitter accounts have already been compromised, and the hackers may have several corporate and high-profile users at their disposal. Not only this, it's much more serious than it seems. According to a study of end-user behaviour, 70% of internet users use the same password on multiple sites, including their banking and corporate accounts. So with some planning and proper execution, a password stolen through Twitter can be reused to break into a corporate application. Believe it or not, nothing much has changed in all these years; the same concepts keep bouncing back with fancy names. Social media networks like Facebook, Orkut, hi5, Twitter and almost all such networks are vulnerable in one way or another. I hope you know what I am talking about.

Social media has evolved out of nothing in no time, and it is an obvious reason for hackers and spammers to make a buck big time. I think you made some good points in your blog about such vulnerabilities. I would recommend fellow readers and subscribers to keep their eyes open and make the right choice. Phishing is such a pain. Blender Pitcher
Very useful info. Great post, great share.
There is a recent DM phishing attack reported by Twitter users. If you get a direct message from your tweep saying something like: haha. This you???? http://tr.im/PyJC
Don't click the link. It's a phishing web page that collects your Twitter credentials and sends the same message on to your tweeps. Almost the same scenario that I explained on this blog a few months back.
Thanks for the post, I was able to proliferate it to some friends and hopefully avoid some rancor with their Twitter profiles.
Thanks for your comments. Please help me spread security awareness around the wild, wild web!