More Twitter Phishing and Account Hacks Hit Today
There was another round of Twitter phishing and spam attacks today, this time originating from apparently hacked user accounts and going out via direct message (DM) to followers.
Early DMs had the text “hi. i found you on here,” followed by a link to a website whose registration reads Xin Net Technology Corporation, in China. Subsequent messages read “I make money online with google. i learned how, ” and “i made $426.23 online today with,” both of which were followed by links to a website within the domain iofndsn.info which forwarded to a page at safetrialoffers.com, a site which purports to have money making opportunities with Google.
The phishing portion of the attacks appear to have been at least partially successful, as many of the spam DMs were sent from multiple accounts within specific communities, though how the initial hacks were perpetrated is unknown.
Productbody, the Twitter ID of a popular soap and body products maker, reports having their account hacked, but believes it to have been a brute force hack.
“I hadn’t logged onto my Twitter account in over 36 hours, and certainly hadn’t clicked on any links leading me to Twitter, yet every one of my followers got spammed via direct message,” said Joanna Schmidt, founder of Product Body. “I have no idea how someone got access to my account, but I’ve been doing damage control all afternoon,” she added.
But Productbody wasn’t the only account that was breached. They also received the same DMs from Twitter IDs they were following, and other members of the soaping community are reporting the same thing.
If you receive DMs with any of the above text, it is recommended that you do not click the link within it. If messages have been sent from your account, log onto Twitter and change your password immediately. You may also want to review apps that you have granted access to, by clicking on settings/connections and deleting any you do not use or need.