Sometimes, it seems scams are becoming almost as common as social media experts on Twitter. The latest one, unleashed Monday morning and initially noticed by tech blog Mashable, centers on a fake blog hosted at the domain twittersblogs.com. Tweets containing links to the site circulated rapidly, each featuring the message: “omg!! is it true what they wrote about you in their twit blog?”
Inside the Twitter Scam
Clicking on the twittersblogs.com link takes you to a page designed to look exactly like the real Twitter login page — except, of course, it isn’t. Entering your username and password simply puts your access information into the hands of the hackers, allowing them to login to your Twitter account and use it as they wish.
In this instance, it appears the site primarily used compromised accounts to spread the phishing links further. What, if any, broader goal was behind the effort is not yet clear.
Testing the Twitter Waters
As of this publication, Twitter has yet to mention the scam on its official blog or status update page. When I tested the twittersblogs site using a dummy account, however, the phishing tweet did not get sent (despite my having submitted the account’s username and password).
What’s more, the last tweet within Twitter Search to contain the original message was sent several hours ago, suggesting that the Twitter team may have since blocked the site’s efforts. Still, only the scam’s spread has been stopped — as of now, the links are still scattered throughout the Twitter network. Anyone belatedly clicking them and entering their information would still be compromising their account’s security, even if the message isn’t being actively retweeted.
The domain twittersblogs.com, for what it’s worth, is registered to a “Matt Smith” in New York City, according to DNS records. Neither the phone number nor the address listed appears to be valid. The URL, it’s also worth noting, is already being recognized by Google Chrome as a “suspected phishing site.”
The good news, though, is that defending yourself from phishing is simple: Be wary of where you click, and use extreme caution when giving out your password. If you don’t see “twitter.com” in your browser’s location bar, odds are, you aren’t on the actual Twitter page. Surf back manually to twitter.com before divulging any of your details — and, in doing so, keep your profile from falling into the wrong hands.