
Twitter phishing... inside Twitter

Written by Adam O'Donnell, Contributor

Over the weekend I received a handful of reports of individuals using Direct Messages inside of Twitter to phish for Twitter accounts and passwords. A cluster of compromised Twitter accounts is sending out person-to-person phishing messages inside the Twitter network. These messages and the target website are similar to standard social network phishing messages, except this time they are very, very short.

I was alerted to this attack by Mike Murray, a fellow security wonk, as he received his first Twitter phish last night:

Hey, i found a website with your pic on it... LOL check it out here [link removed]

As phishers are motivated by economic gain, we need to ask ourselves how someone is going to make money from compromised Twitter accounts. There are a few possibilities that come to mind. A phished webmail account can be used to send out spam, or even be used to extract ransom from the legitimate account holder. Also, phishers prefer compromised accounts over newly created accounts, as they are less likely to trip anti-spam techniques that use account age as a metric in convicting spammy accounts. I suspect what is going on at Twitter will be no different.

If the phishing continues and a large number of accounts are compromised, I would suspect a knock-on effect of an increase of spam within the Twitter network. As a heavy Twitter user (@adamjodonnell) and someone who works in anti-spam, I would not be too happy with that outcome.
