Twitter users warned over ‘This you?’ attack
Twitter users have been warned to be careful of a new phishing scam that has exploded on the micro-blogging site.
Shortened links prefaced with a message asking “This you??” lead users to a fake Twitter login page that asks for their username and password. Entering them hands the credentials over to the hackers and spreads the scam through the victim’s followers list.
The attack arrives as a direct message, and many people are unaware of the danger of the link because it appears to have come from a friend. Other variations of the attack include “lol, this is funny.” and “Lol. this you??”.
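As an added illustration (not part of the original article), the sketch below flags direct messages that pair one of the lure texts quoted above with a shortened link, and checks whether a login URL really sits on twitter.com. The shortener list, function names and sample messages are assumptions constructed for this example.

```python
import re
from urllib.parse import urlparse

# Lure texts quoted in the article, in normalized form.
LURES = ("this you", "lol this is funny")
# Assumption: sample shortener hosts; the article does not name any.
SHORTENERS = {"bit.ly", "tinyurl.com", "is.gd", "ow.ly"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def normalize(text):
    """Lowercase and strip punctuation so 'Lol. this you??' becomes 'lol this you'."""
    return " ".join(re.sub(r"[^a-z0-9\s]", " ", text.lower()).split())

def hosts_in(text):
    """Hostnames of every http(s) link in the message."""
    return [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)]

def classify_dm(text):
    """'suspect' = lure + shortened link, 'review' = lure + other link, else 'ok'."""
    hosts = hosts_in(text)
    body = f" {normalize(URL_RE.sub(' ', text))} "
    if not hosts or not any(f" {lure} " in body for lure in LURES):
        return "ok"
    return "suspect" if any(h in SHORTENERS for h in hosts) else "review"

def is_twitter_login(url):
    """True only for an https URL whose host is twitter.com or a subdomain of it."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and (host == "twitter.com" or host.endswith(".twitter.com"))

# Constructed sample messages (not taken from real traffic).
SAMPLES = [
    "This you?? http://bit.ly/xxxxxx",
    "Lol. this you?? http://tinyurl.com/xxxxxx",
    "lol, this is funny. http://example.org/clip",
    "Is this your talk? https://example.org/slides",
    "This you??",
]

if __name__ == "__main__":
    for dm in SAMPLES:
        print(f"{classify_dm(dm):8} {dm}")
    for url in ("https://twitter.com/login", "https://twitter.com.login.example.net/"):
        print(is_twitter_login(url), url)
```

The host check compares the parsed hostname rather than searching the URL string, so a lookalike such as twitter.com.login.example.net is rejected.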
With a substantial number of people using the same password for multiple accounts, and many Twitter users accessing the micro-blogging service by entering their email as identification, the information could effectively be used to access email accounts or other private data.
The Twitter attack “is very much an ongoing trend which we’ll only see continue,” said Greg Day, director of security strategy at McAfee Security Labs.
“What’s happening with Twitter is… it’s coming from a source you’re not expecting to be dangerous. Something like ‘Is this you?’ is designed to get an impulsive response.”
Similarly, Con Mallon, regional marketing manager at Symantec, said that the ‘this you??’ attack essentially functions “like a worm”.
“It harks back to the old days at the turn of the millennium of the original worms, which went through your Outlook dragging out contacts and emailing them.” He added that “we are seeing the evolution of [these worms]”.
“Obviously, when clicking on links such as these, a lot of security products and indeed browsers have anti-phishing devices which warn you of the link’s danger. This needs to be a wake-up call for this [anti-phishing software] to become more in tune so it can notify people of a potentially dangerous attack,” he said.