Security researcher Janne Ahlberg has been monitoring Twitter for suspicious activities, particularly phishing scams and diet spam, for quite some time. The expert says there’s a new wave of attacks.
Ahlberg has tweeted a lot on the topic lately. He has told Graham Cluley that cybercriminals are abusing hijacked accounts to send out direct messages that read something like “I figured I’d show you this” or “There’s something about you that you need to read.”
The links that accompany these messages point to a Twitter phishing site that’s designed to trick users into handing over their credentials.
Ahlberg has notified both Twitter and a number of security companies regarding these campaigns. However, so far, not much has been done.
McAfee, on the other hand, has acted quickly after learning that spammers were abusing the company’s Secure Short URL service.
In addition to phishing attacks, a lot of Twitter accounts have been compromised and abused to lure users to shady diet websites. In one case, the spammers used a redirecting site called greek-sites.gr to send out as many as 20-40 tweets per minute.
Several high-profile accounts have been hijacked and abused to promote the diet sites, including those of British historian Simon Schama, Scottish National Party politician Stuart McMillan, and British Labour Shadow Minister for Health Jamie Reed.
In order to protect yourself against such attacks, avoid clicking on suspicious links and always make sure that the website you’re entering your Twitter credentials on is legitimate.
However, the best way to defend yourself is to activate two-factor authentication on Twitter. The system makes it much more difficult for spammers and cybercriminals to hijack your account.