Was Stephen Fry fooled by iPhone Twitter phishers?
Please support our Web Development advertiser: Programming Forums
Jan 5th, 2009, 10:22 am
Sophos, the security outfit, has issued a warning for users of Twitter to be on the lookout for an evolving phishing attack which could steal personal data if they are not very careful. Already thousands of Twitterers are thought to have received messages from their friends which invite them to visit a specific website for a number of various reasons. Amongst them, it seems, is Stephen Fry.
According to reports the bait used in the messages can be anything from the lure of winning an Apple iPhone through to promises of funny pictures or blog articles supposedly about the recipient of the message.
Usually, I would suggest, anyone stupid enough to follow a link to something that says "Hey, i found a website with your pic on it... LOL check it out here" deserves everything they get. But these messages come from your friends accounts, giving them a certain amount of authority and painting them with a certain amount of trust. Indeed, if a close friend sends you a message saying "hey. i won an iphone! come see how here" then you might be tempted to do just that.
Of course, follow the link and you arrive at a bogus Twitter page designed to steal your login name and password. Doh!
According to various reports one person who was fooled was none other than UK celebrity and host of the popular QI television programme, Stephen Fry. Sophos, for example, says that he "unwittingly clicked on the link without realising that he was being taken to a potentially dangerous website" although there is no evidence to suggest that his account has been compromised in any way.
Fry has tweeted himself that he received some 20 of these phishing messages offering free iPhones, saying "Lawks. Hope I haven't been phished for all my details. Clicked on scam URL last night before I knew what it was. Eeek."
"It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as an alarming 41 percent of internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater," said Graham Cluley, senior technology consultant at Sophos. "Twitter users who may have lost control of their accounts need to change their passwords as a matter of priority before more harm is done. Compromised social networking accounts are valuable for hackers as they can use them for a springboard for spam campaigns, identity theft attacks and other online crime."
Makes a change from the usual fake bank phishing scams or Twitter stories about Britney and Obama I guess.
According to reports the bait used in the messages can be anything from the lure of winning an Apple iPhone through to promises of funny pictures or blog articles supposedly about the recipient of the message.
Usually, I would suggest, anyone stupid enough to follow a link to something that says "Hey, i found a website with your pic on it... LOL check it out here" deserves everything they get. But these messages come from your friends accounts, giving them a certain amount of authority and painting them with a certain amount of trust. Indeed, if a close friend sends you a message saying "hey. i won an iphone! come see how here" then you might be tempted to do just that.
Of course, follow the link and you arrive at a bogus Twitter page designed to steal your login name and password. Doh!
According to various reports one person who was fooled was none other than UK celebrity and host of the popular QI television programme, Stephen Fry. Sophos, for example, says that he "unwittingly clicked on the link without realising that he was being taken to a potentially dangerous website" although there is no evidence to suggest that his account has been compromised in any way.
Fry has tweeted himself that he received some 20 of these phishing messages offering free iPhones, saying "Lawks. Hope I haven't been phished for all my details. Clicked on scam URL last night before I knew what it was. Eeek."
"It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as an alarming 41 percent of internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater," said Graham Cluley, senior technology consultant at Sophos. "Twitter users who may have lost control of their accounts need to change their passwords as a matter of priority before more harm is done. Compromised social networking accounts are valuable for hackers as they can use them for a springboard for spam campaigns, identity theft attacks and other online crime."
Makes a change from the usual fake bank phishing scams or Twitter stories about Britney and Obama I guess.
•
•
•
•
This blog entry was written by Davey Winder, staff writer aka happygeek. It has been filed under the Web Development category. It has received 1,403 views, 0 comment(s), and 30 linkbacks. It was promoted to featured news status Jan 5th, 2009.
Related Blog Entries
- Pink iPhone 3GS is hot stuff (2 Days Ago)
- Michael Jackson sparks celebrity death hoax epidemic (4 Days Ago)
- Reading a 200 year old newspaper in the hot tub (5 Days Ago)
- Michael Jackson and web events (8 Days Ago)
- Professionals Poo Poo Passwords (8 Days Ago)
Related Forum Threads
- best password (Geeks' Lounge)
- Wish me luck (Geeks' Lounge)
- IE Explorer/Search Engine problems! (fake/redirect search results;dysfunctional sites (Viruses, Spyware and other Nasties)
- Beware The MicroSoft HoneyPot is out to find you! (Viruses, Spyware and other Nasties)
- About:Blank in HighjackThis (Viruses, Spyware and other Nasties)
- PHP .tpl format template help! URGENT! (PHP)