Twitter Phishing Scam Details

January 3rd, 2009 by Jerell | Filed under Twitter.

On Saturday January 3rd Twitter was hit with its first major phishing scam.

Basically folks were sent a Direct Message (DM) that said “Hey, I found a website with your pic on it… LOL check it out here” OR “hey! check out this funny blog about you…” in which folks were directed to a phishing website that looked identical to the Twitter.com webpage, and where they could enter in their login information.

Once the user entered in their information, the scammers would take that information, and send Direct Messages (DM’s) to everyone in their account, and the cycle would repeat itself.

If you did not enter your information into these phishing websites, then your Twitter account has not been compromised.  This means that if you did not give up your username and password, then you have nothing to worry about.

At the time of this posting the first site (jannawalitix) has been taken down showing the following screen capture:
hey! check out this funny blog about you… http://jannawalitax.blogspot.com/ *****THIS IS A PHISHING WEBSITE*** DO NOT ENTER YOUR INFORMATION***

Twitter Phishing Website Photo_blogger
 

The second phishing site, which is still currently active a the time of this writing
Hey, i found a website with your pic on it… LOL check it out here ….**THIS IS A PHISHING WEBSITE***http://twitterblog.access-logins.com/login/*****THIS IS A PHISHING WEBSITE

  Twitter Phishing Website Photo

 They put forth a lot of effort compared to regular phishing sites, as even the majority of the links are active.

Twitter Phishing Website Photo_About Us

A WHOIS search on Network Solutions identified this as a Chinese company with the following details:
http://www.networksolutions.com/whois-search/access-logins.com

Domain Name : access-logins.com PunnyCode : ACCESS-LOGINS.COM Registrant: Organization : zhang xiaohu Name : zhang xiaohu Address : changningzhonghuainanlu192hao City : changning Province/State : Hunan Country : CN Postal Code : 421500 Administrative Contact: Name : zhang xiaohu Organization : zhang xiaohu Address : changningzhonghuainanlu192hao City : changning Province/State : Hunan Country : CN Postal Code : 421500 Phone Number : 86-0734-3211451 Fax : 86-0734-3211451 Email : zhangxiaohu_0098@126.com Technical Contact: Name : zhang xiaohu Organization : zhang xiaohu Address : changningzhonghuainanlu192hao City : changning Province/State : Hunan Country : CN Postal Code : 421500 Phone Number : 86-0734-3211451 Fax : 86-0734-3211451 Email : zhangxiaohu_0098@126.com Billing Contact: Name : zhang xiaohu Organization : zhang xiaohu Address : changningzhonghuainanlu192hao City : changning Province/State : Hunan Country : CN Postal Code : 421500 Phone Number : 86-0734-3211451 Fax : 86-0734-3211451 Email : zhangxiaohu_0098@126.com
Current Registrar: XIN NET TECHNOLOGY CORPORATION
IP Address: 122.136.45.47 (ARIN & RIPE IP search)
IP Location: CN(CHINA)-BEIJING-BEIJING
Lock Status: ok
DMOZ  no listings
Y! Directory:  see listings
Data as of: 14-Jun-2005

WHAT YOU CAN DO

  1. Let folks know of this Phishing scam
  2. If you get a DM from a person with these subject lines, let them know that they need to change their password (if they still are able to)
  3. Read up on Twitters comments on Phishing
  4. Let others know about this post identifying the details behind the scam
  5. Thanks to the Twitter team for posing details on Phishing
    http://blog.twitter.com/2009/01/gone-phishing.html
    http://www.fraud.org/tips/internet/phishing.htm

UPDATE Sunday @7:50 PM MT

There are two new versions of this DM phishing scam are emerging… THESE URLS ARE PHISHING SCAMS DO NOT ENTER YOUR TWITTER INFORMATION

  1. Check out this blog type website. you need to see it..   http://bloggertwit.access-logins.com/login/
  2. heyy!!! i want u to see my blog!!   http://blogtwitter.access-logins/login

 

Summary of Phishing DM’s

  1. hey! check out this funny blog about you… http://jannawalitax.blogspot.com/
  2. Hey, i found a website with your pic on it… LOL check it out here http://twitterblog.access-logins.com/login/
  3. Check out this blog type website. you need to see it..   http://bloggertwit.access-logins.com/login/
  4. heyy!!! i want u to see my blog!!   http://blogtwitter.access-logins/login

If you know of any more versions please let us know!

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • De.lirio.us
  • LinkedIn
  • StumbleUpon
  • Technorati
  • TwitThis

Share/Save/Bookmark

Tags: ,

« 14.0 Democratic Leaders & News Feeds on Twitter
Twitter iPhone DM Alert »

7 Responses to “Twitter Phishing Scam Details”

  1. Andrew Wentz | 4/01/09

    Funny, those are pretty much almost the exact same scams that facebook was plagued with a couple months ago. These scammers are really lacking in originality nowadays aren’t they?

  2. Richard McLaughlin | 4/01/09

    I got both DM’s today - but I am slow at following links that make little sense. If these had come from a close friend I may have opened them, but I would have seen the URL and not logged in.

    Stumbled because this is really good to know.

  3. Willem Kossen | 4/01/09

    I had a few DM’s that pointed to those two sites. Luckily I didn’t fall for the trick. Also, Google Chrome recognized both as possible phishing attempts.

  4. Lord Matt | 4/01/09

    I am forever telling people “always look at the domain name in the URL”. Sometimes it is the only clue. Well done on looking up the whois, I did that last night and then sleepily tweeted (@lordmatt) the wrong link. Doh!

  5. gforce414 | 5/01/09

    here is another version:

    fixed it.. hehe here is that blog i wanted to show you
    http://twitterblogs.access-logins.com/login

  6. Lauren Blaine | 15/01/09

    How ’bout http://be-a-magpie.com/start

    Legit?

    Thanks!
    Lauren

  7. kathijabanu | 17/06/09

    What about http://www.be-a-magpie.com
    Is it genuine or scam site?please reply soon.

Share Your Thoughts