Newest round of Twitter spam
This one fooled me for a half second.
I got an email to my work account indicating that I had 3 delayed messages in my Twitter account. The social engineering technique is designed to get me to click on the link and redirect me to a spam site, and quite possibly infect my system with malware as part of either a drive-by download or “click here to install such-and-such” (I didn’t click on the link). Because the message looks like something Twitter might send (it looks a lot like Twitter), users could easily be tricked into going there. Because it came into an email account that I don’t have associated with Twitter, I was immediately on guard. But I felt that emotional taking-down-of-my-guard when I saw that it was “from” Twitter.
The sending IP is coming out of Russia, but the site is hosted on a domain that ends in .com.ar. The A record for this site points to an IP address that belongs to a hosting company out of Florida.
Be aware. It’s a social engineering spoof, not a legitimate Twitter message.
Comments
Anonymous
April 24, 2010
The comment has been removed
Anonymous
April 24, 2010
Thanks, Elly.
Anonymous
April 28, 2010
Just want to point out that Twitter recently signed up to using truedomain (http://www.truedomain.net/), so if you have a Fastmail account (http://www.fastmail.fm), emails appear with the Twitter logo next to them in the web interface. Makes spotting phishing emails a lot easier. I wrote a summary of what truedomain are trying to do in the anti-phishing space here: http://blog.fastmail.fm/2010/01/06/truedomain-anti-phishing-and-email-authentication/
Rob