12 Jan 2012

[Twitter] phishing alert

I got this dm last night: "You seen what this person is saying about
you? http://t.co/yGEpkCu terrible things.." from a friend. The message
looked weird but out of curiosity, I checked out the link (via mobile)
and noticed I was directed to a twitter login page where I am to
provide my username and password. Checking out the address, I noticed
the root domain of the url was http://tivvitter.com/ (notice how close
that looks to twitter.com). Sites like this have only one purpose.
Collect your username and password to use your account for
unscrupulous acts - post ads, scam your friends/followers and even
knock you out. But it goes even beyond twitter. Users should be
careful of links directing them to sites requiring them to login their
credentials. Double check the url and be sure it is the real domain
name of the service or web app.

My name is Opeyemi Obembe. I build things for web and mobile. You should follow me on Twitter (@kehers).