Another day, another phishing trip: Graham Cluley reports on the Sophos blog that direct messages on Twitter that read, “hi. this you on here? http://blogger.djh****.com” (characters intentionally obscured by Cluley), link to what appears to be a legitimate Twitter log-in page and, when users “log in,” the Twitter fail whale “over capacity” message appears.
However, this is a phishing page, designed to grab your Twitter user name and password as soon as you enter them. In this case, the cybercriminals don’t even seem to have made much effort to hide the fact that the site is dodgy—the domain name they have chosen doesn’t look anything like twitter.com and should stick out like a sore thumb to anyone who cares to take a moment to see where they’ve ended up.
When I visited the page, I was then slingshot to another webpage on Blogspot.com claiming to belong to a blogger called NetMeg99. It’s not clear if NetMeg99 is involved in the phishing scam, but there is a suggestion that her Webpage did also try to phish for credentials at one point.
Sophos suggested that victims immediately change their passwords for Twitter and any other sites where the same log-ins are used.