Cybercriminals Continue to Abuse Twitter for Diet Spam and Phishing


McAfee's URL shortening service abused by phishers

Security researcher Janne Ahlberg has been monitoring Twitter for suspicious activity for quite some time, particularly phishing scams and diet spam. The expert says there’s a new wave of attacks.

Ahlberg has tweeted a lot on the topic lately. He has told Graham Cluley that cybercriminals are abusing hijacked accounts to send out direct messages that read something like “I figured I’d show you this” or “There’s something about you that you need to read.”

The links that accompany these messages point to a Twitter phishing site that’s designed to trick users into handing over their credentials.

Ahlberg has notified both Twitter and a number of security companies regarding these campaigns. However, so far, not much has been done.

McAfee, on the other hand, has acted quickly after learning that spammers were abusing the company’s Secure Short URL service.

In addition to phishing attacks, a lot of Twitter accounts have been compromised and abused to lure users to shady diet websites. In one case, the spammers used a redirecting site called greek-sites.gr to send out as many as 20-40 tweets per minute.

Several high-profile accounts have been hijacked and abused to promote the diet sites, including those of British historian Simon Schama, Scottish National Party politician Stuart McMillan, and British Labour Shadow Minister for Health Jamie Reed.

In order to protect yourself against such attacks, avoid clicking on suspicious links and always make sure that the website you’re entering your Twitter credentials on is legitimate.

However, the best way to defend yourself is to activate two-factor authentication on Twitter. The system makes it much more difficult for spammers and cybercriminals to hijack your account.
