{"id":2322,"date":"2010-02-24T16:15:47","date_gmt":"2010-02-24T23:15:47","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=2322"},"modified":"2018-01-30T13:18:05","modified_gmt":"2018-01-30T20:18:05","slug":"twitter-phish-floods-network-with-short-urls","status":"publish","type":"post","link":"https://www.webroot.com/blog/2010\/02\/24\/twitter-phish-floods-network-with-short-urls\/","title":{"rendered":"Twitter Phish Floods Network with Short URLs"},"content":{"rendered":"

\"\"\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"Add<\/a>\"\"<\/p>\n

\"\"<\/a>All day, I’ve been getting reports from my Twitter<\/strong>-using friends and acquaintances<\/a> that they’ve been receiving tweets of short URLs. I took a look and it looks like another phishing campaign aimed at users of the social network is underway. The short URLs, prefaced with the message “This you???<\/strong>” lead to a fake Twitter login page.<\/p>\n

The fake login page is hosted on a domain that points to a server in China. Other domains that are currently hosted on that same server’s IP address, including bzpharma.net<\/strong>, have previously been implicated in earlier Twitter spam campaigns<\/a>. The same domain appears to also be attempting to phish credentials to AOL’s Bebo social network, and has reportedly begun spamming users with fake pharma ads.<\/p>\n

It appears a lot of people may get tripped up in the rush to see what the link is all about. After you type anything at all into the phishing version of the Twitter login form, your browser is redirected to a hastily created, empty blog page on Blogspot<\/a>. Meanwhile, the tweets keep on coming.<\/p>\n

Just a reminder to our Twitter fans: Please look at the address bar before you enter your Twitter credentials. As you can see from the screenshot above, it’s painfully obvious that this is not the legitimate twitter.com URL.<\/p>\n

<\/div>\n","protected":false},"excerpt":{"rendered":"

All day, I’ve been getting reports from my Twitter-using friends and acquaintances that they’ve been receiving tweets of short URLs. I took a look and it looks like another phishing campaign aimed at users of the social network is underway. The short URLs, prefaced with the message “This you???” lead to a fake Twitter login […]<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[4133,4499,4849,7337,6791,4635,4487,4521,3919,3539,7331,3699,6603,7335,4721,7329,7333,3529,3471,4201],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/2322"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=2322"}],"version-history":[{"count":1,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/2322\/revisions"}],"predecessor-version":[{"id":23919,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/2322\/revisions\/23919"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=2322"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=2322"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=2322"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=2322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}