Twitter Phishing Attack Hooks UK Cabinet Minister - InformationWeek
IoT
IoT
Software // Operating Systems
News
2/26/2010
01:07 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Twitter Phishing Attack Hooks UK Cabinet Minister

The company is warning people not to surrender personal details to fake Twitter login pages.

A phishing attack on Twitter has claimed several high-profile victims including a British cabinet minister and a bank.

Ed Miliband, the U.K's Secretary for Energy and Climate Change, on Friday found his Twitter account sending out spam tweets promoting sexual enhancement products.

U.K.-based security company Sophos says that Miliband appears to have been duped into revealing his login and account details by a series of attacks identified earlier this week.

The attack relies on the phrases "This You????" or "LOL this is funny" to get Twitter users to click on phishing links.

Those links take victims to a look-alike Twitter login page that turns entered information over to the cybercriminals behind the campaign.

Twitter on Wednesday posted a warning about this particular scam. "If you receive a DM or see a message with a phrase like 'This you??' or 'LOL is this you' followed by a link, please do not click through; there's a phishing site on the other side," the company said on its status page.

First Direct, an Internet and telephone banking subsidiary of HSBC Bank, on Friday acknowledged being victimized in a Twitter post: "Hi all, I'm sure you can tell, but we were hacked last night - please disregard any inappropriate tweets that purport to come from us!"

Recognizing the potential brand damage, the bank quickly clarified that only its Twitter account had been compromised and that no customer personal data had been revealed.

Other victims in the U.K. reportedly include Labour party deputy leader Harriet Harman and journalists from the BBC and The Guardian.

F-Secure, a security company based in Helsinki, Finland, attributes spammers' interest in compromised Twitter accounts to recent efforts by Google, Microsoft, and Yahoo to integrate nearly real-time data, like Twitter posts, into search results lists. This allows spammers to use Twitter and other social communication tools to target keywords associated with current news events, in order to secure prominent placement for their malicious links.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll