Sophos, the security outfit, has issued a warning for users of Twitter to be on the lookout for an evolving phishing attack which could steal personal data if they are not very careful. Already thousands of Twitterers are thought to have received messages from their friends which invite them to visit a specific website for a variety of reasons. Amongst them, it seems, is Stephen Fry.
According to reports, the bait used in the messages can be anything from the lure of winning an Apple iPhone through to promises of funny pictures or blog articles supposedly about the recipient of the message.
Usually, I would suggest, anyone stupid enough to follow a link to something that says "Hey, i found a website with your pic on it... LOL check it out here" deserves everything they get. But these messages come from your friends' accounts, giving them a certain amount of authority and painting them with a certain amount of trust. Indeed, if a close friend sends you a message saying "hey. i won an iphone! come see how here" then you might be tempted to do just that.
Of course, follow the link and you arrive at a bogus Twitter page designed to steal your login name and password. Doh!
According to various reports, one person who was fooled was none other than UK celebrity and host of the popular QI television programme, Stephen Fry. Sophos, for example, says that he "unwittingly clicked on the link without realising that he was being taken to a potentially dangerous website", although there is no evidence to suggest that his account has been compromised in any way.
Fry himself has tweeted that he received some 20 of these phishing messages offering free iPhones, saying "Lawks. Hope I haven't been phished for all my details. Clicked on scam URL last night before I knew what it was. Eeek."
"It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as an alarming 41 percent of internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater," said Graham Cluley, senior technology consultant at Sophos. "Twitter users who may have lost control of their accounts need to change their passwords as a matter of priority before more harm is done. Compromised social networking accounts are valuable for hackers as they can use them for a springboard for spam campaigns, identity theft attacks and other online crime."