
Anatomy Of A Twitter Scam


Do you remember Mobile Phishing and the related risks? Well, this morning I had a bad surprise and could see it in action with my own hands (or rather with my fingers on the display of my Android device).

This morning I woke up early (6 AM) since I had previously arranged a trip to my hometown, which takes approximately 4 hours. As usual, I have the bad habit of checking email upon awakening, directly from my Android device. This morning I found a strange DM on my Twitter account:

This made me laugh so hard when i saw this about you lol hxxp://t.co/AusOXeQ

I had already exchanged some DMs in English with this contact, so the content was not so strange (a similar message from an Italian contact would probably have had a different impact and triggered an alarm bell). Moreover, I suppose my neurons were not completely up and running (actually they are rarely in this state), so partly out of curiosity, partly for fun, I clicked the link directly from my mobile device.

The following screenshots show how easy and dangerous mobile phishing is for the user: the link points to a bogus Twitter-like site, but, believe me, on a 3.7″ screen it is really difficult to tell it apart from the real one.

The page is really similar to the real one:

But yes, if you look carefully at the address bar (not so easy at 6 AM with the sleep fog surrounding you) you will notice a misplaced detail, and it is the link (currently up): hxxp://www.ltwittier.com/session-verify (but not all of the address is visible in the bar). If you tap the text box the situation is even worse, since the address bar disappears, a default behaviour of the Android Browser.
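The detail described above is the registrable domain of the link, which the mobile address bar truncates or hides. As an added example (not code from the original post), here is a small offline checker that pulls the hostname out of a full URL, reduces it to its registrable domain and compares it against a list of legitimate brand domains using edit distance, so that a near-miss such as ltwittier.com is flagged as a look-alike rather than silently accepted. The brand list and the sample URLs are constructed for the example; the "last two labels" rule for the registrable domain is a simplification (real code should consult the Public Suffix List), and expanding the t.co shortener to the final URL is assumed to have happened beforehand, since that needs a network request.

```python
from urllib.parse import urlsplit

# Constructed allow-list of legitimate registrable domains for this example.
# A real deployment would use the organisation's own list of trusted brands.
KNOWN_BRANDS = {"twitter.com", "t.co"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute (or match)
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Return the host's last two labels, e.g. 'ltwittier.com' for
    'http://www.ltwittier.com/session-verify'.

    Simplification (assumption for this example): two labels is wrong for
    suffixes such as 'co.uk'; production code should use the Public Suffix List.
    """
    host = urlsplit(url).hostname or ""      # strips scheme, port, path, userinfo
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str, brands=KNOWN_BRANDS, max_distance: int = 3) -> dict:
    """Label a URL relative to the brand list.

    'legitimate' : registrable domain is exactly a brand domain
    'lookalike'  : the label before the TLD is within max_distance edits of a brand
    'unknown'    : anything else
    The shortened link (t.co) must already have been expanded to its final URL;
    this function does no network access.
    """
    domain = registrable_domain(url)
    if domain in brands:
        return {"domain": domain, "verdict": "legitimate", "closest": domain, "distance": 0}
    name = domain.split(".")[0]
    closest = min(sorted(brands), key=lambda b: levenshtein(name, b.split(".")[0]))
    dist = levenshtein(name, closest.split(".")[0])
    verdict = "lookalike" if dist <= max_distance else "unknown"
    return {"domain": domain, "verdict": verdict, "closest": closest, "distance": dist}


if __name__ == "__main__":
    # Constructed sample: the phishing host from the post, the real site, and an unrelated one.
    for u in ("http://www.ltwittier.com/session-verify",
              "https://twitter.com/home",
              "https://example.org/page"):
        print(u, "->", classify_url(u))
```

The check works on the full URL string, which is exactly what the phone's address bar failed to show; pasting the link into such a tool (or having a mail or DM gateway run it) surfaces the "ltwittier" vs "twitter" difference that is invisible on a 3.7″ display.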

Needless to say, if you login, your account will be hacked and your contacts will suffer the same fate.

This event shows how easy it is to fall victim to phishing on mobile devices and, even worse, when the bait comes from a social network (and a professional social network, as Twitter is for me, where I trust the reputation of my contacts).

Always remember to check the links, and be careful when following strange links from mobile devices!

P.S.

If you point to the incomplete link hxxp://www.ltwittier.com/ there is clear evidence that the site is bogus:

[Image: http://paulsparrows.files.wordpress.com/2011/09/wronglink.png]

  1. Omkar
    September 15, 2011 at 7:08 pm

    nice info. faced same issue…. :)

  2. September 19, 2011 at 8:07 pm

    Thanks — just got that DM and thought it looked strange. Glad I checked before clicking on the link.

  3. September 20, 2011 at 3:50 am

    I was trying to work out why anyone would fall for it; some of my contacts obviously have. Now I realise it’s targeted to mobile devices. And those are the friends who’ve fallen for it.

    Thanks for breaking it down.
