Twitter Celebs Fall For Widespread Phishing Attack
Like similar phishing scams seen on Facebook and MySpace, the latest version of the Twitter attack targets numerous celebrities, including President-elect Barack Obama, Britney Spears, and CNN anchor Rick Sanchez, among others, who have said they fell for the scam.
Since the weekend, the phishing attack appears to have evolved into a traditional malware campaign in which users are enticed to click on malicious links to sites that host keystroke loggers and other information-stealing code, experts say.
"We've already seen it move to a very traditional kind of phishing attack," said Marina Merritt, Internet safety advocate for Symantec. "As (attackers) get people to click that link, there are so many exploits."
Like traditional phishing attacks on other social networking sites, the Twitter messages seem to come from someone the victim knows. The attackers send what appear to be personalized "tweets" containing a link to a Web site impersonating the Twitter login site: a fake login page designed to trick users into handing over their usernames and passwords. Twitter said the phishing domain appears to originate from China. The news was initially broken Jan. 3 by blogger Chris Pirillo after he received one of the phony Twitter messages used in the attack. Since then, Twitter has posted a security advisory on its site warning users of the scam.
"This is NOT the Twitter login page, and it smells completely phishy," Twitter warned in its posting. "Suggestion: do NOT log in to your Twitter account through any site other than Twitter.com. This may go without saying, but consider how many third-party Twitter services you use? Seems it's about time for some kind of verification/validation of applications using the Twitter API so you can be sure you're passing your credentials to the right people."
The attack has advanced with several variations, including a scheme to trick users into logging in with their cell phone number, in an attempt to steal prepaid account information, experts say.
The phishing attack appears to have spread rapidly over the last two days, although experts say that it is still too early to precisely assess the number of victims.
Meanwhile, security experts strongly recommend that users avoid clicking on links from unknown sources. That goes doubly for forums like Twitter, where the true origin of a message is harder for the recipient to verify, Merritt said. "We've always said that's a bad idea. It's really too hard to identify a safe URL from an infected URL," said Merritt.
Twitter users who think they've fallen for the attack are immediately advised to change their passwords and login credentials, Merritt said.
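The advice above ("do NOT log in to your Twitter account through any site other than Twitter.com") comes down to one check a user or a link-scanning tool can make before submitting credentials: is the host in the link exactly the site you mean to log in to? The following is an added example, not code from the article or from Twitter; the trusted host list and the HTTPS requirement are assumptions for the example, and the sample links are constructed to show the look-alike patterns a fake login page typically hides behind (the trusted name placed in a subdomain, in the userinfo before an "@", or only in the path).

```python
from urllib.parse import urlsplit

# Hosts a Twitter login link may legitimately use (assumption for this example).
TRUSTED_HOSTS = {"twitter.com", "www.twitter.com"}


def is_trusted_login_url(url: str) -> bool:
    """Return True only when the link is HTTPS and its host is exactly a trusted host.

    The scheme requirement is an added assumption; the host comparison is the
    core check. urlsplit() discards any 'user@' prefix and port, and lowercases
    the host, so tricks that put the trusted name in the wrong URL component
    do not pass.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False
    host = parts.hostname
    if host is None:
        return False
    host = host.rstrip(".")  # treat the fully-qualified form 'twitter.com.' as the same host
    return host in TRUSTED_HOSTS


# Constructed sample links, illustrating the look-alike patterns described in the article.
SAMPLE_LINKS = [
    "https://twitter.com/login",                 # genuine host
    "https://www.twitter.com/",                  # genuine host
    "http://twitter.com/login",                  # right host, but not HTTPS
    "https://twitter.com.example.net/login",     # trusted name is only a subdomain of example.net
    "https://twitter.com@example.net/login",     # trusted name is userinfo; real host is example.net
    "https://tw1tter.com/login",                 # typo-squat style look-alike
    "https://example.net/twitter.com/login",     # trusted name appears only in the path
]


def classify(links):
    """Map each link to whether it passes the trusted-host check."""
    return {link: is_trusted_login_url(link) for link in links}


if __name__ == "__main__":
    for link, ok in classify(SAMPLE_LINKS).items():
        print(("trusted " if ok else "SUSPECT ") + link)
```

The check is deliberately an exact-match allow list rather than a pattern or keyword search: a rule such as "contains twitter.com" would accept every one of the suspect links above, which is precisely the confusion the attackers rely on.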