This weekend, Twitter experienced the latest in a string of phishing attacks that have been hitting social media websites of late. As more and more users turn to social networking websites, it becomes more profitable for cyber criminals to target victims through the sites.
The latest attack uses Twitter's direct messaging (DM) feature, which allows users to directly message another user (similar to AIM chats). The Tweets are sent directly from one user to another.
According to researchers at F-Secure, the messages claim that a user should alter their photo or that they can see themselves at a particular address. The link takes the user to a fake Twitter page that prompts the user for their login credentials. Once the criminal has the login credentials, they use the compromised account to send similar messages to the account’s contacts.
Once the accounts have been compromised, the criminals use them to post malicious URLs that spread malware.