WARNING: 55,000 Twitter Password Reset Notifications

newsguy

If you get an email purporting to come from Twitter suggesting that you have forgotten your password, even though you know exactly what it is, you will not be alone. It would appear that around 55,000 people have already received these fake notifications which, as if you haven't guessed, are malicious link-filled spam.

The Websense Security Labs ThreatSeeker Network warns that the spam contains a link to a compromised site which will attempt to download a malicious executable named password.exe that is actually another of those rogue AV applications, this one being identified as Protection Center Safebrowser.

The payload is somewhat more mature than most rogue AV scams in that it will display some of the malware files it installs on the user's desktop, making it obvious that the computer has been infected - and so making the perhaps not so fake after all attack notification more believable.

Still, anyone with a modicum of common sense should be safe enough as they won't click through the links in an email telling them they have forgotten their Twitter password when they have not. The usual advice for those who are a little hard of thinking when it comes to matters of online security applies: always connect directly to the website concerned, or send a new email to customer support, rather than click links in any unsolicited email that arouses suspicion.

InsightsDigital 57 Posting Virtuoso

Unfortunately, the spammers know that some people will click. Even with a CTR of 3%, which is the industry norm for links in emails, it is still about 1500. This is significant.

abeltenny0210 0 Newbie Poster

Does anybody know why resetting the password?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It's a social engineering trick: user gets official-looking email telling them they can reset their password as requested by following a link, user thinks someone has been trying to access their account and decides to reset the password just in case.

It will also catch those busy or security dumb folk who quickly scan an official looking password reset email and click the link without even thinking.

As InsightsDigital says, the click through rate may be low but you only need a few people to fall for any given malware scam and the numbers soon start adding up.

InsightsDigital 57 Posting Virtuoso

Unfortunately, this happens more often than one would think - it happens with LinkedIn, AOL, Amazon, etc. That is why it is really important to look at the address of the redirect - not the address that the email claims it will take you to.

redesignunit -4 Posting Pro in Training

I have not received any notifications yet :)

adriangana 0 Newbie Poster

I too have already encountered this incident. Thanks for the info.

joelchrist -9 Posting Whiz

Thanks for the great info, but yet I didn't get this notification.
