Thursday, October 7, 2010

Twitter password phishing

Our man in the UK Chris Boyd got this via a contact. It was from a Twitterer who obviously had his Twitter login stolen:

 
(Twitter apparently is filtering this URL at this point.)

The link led to a phishing page that used the deceptive tactic of showing an error message: "Wrong Username/Email and password combination." You log in, it steals your Twitter password, sends the above Tweet to all your contacts and continues rounding up passwords.

 
If you're "ill-informed" enough to log in to the phishing page, it snatches whatever username and password you've entered and passes you along to the Twitter log-in page. We made up a username and password and it took them. The real Twitter log-in page would have given you an error notification.

There are two pieces of evidence here that you've been phished: Firefox asks if you want it to remember the password which you just gave to my3gb.com, obviously the phishing site (up since July 12). And there's the Twitter "sign in" button on the page. That wouldn't be there if you had really logged in.

 
This is phishing. The safe practice in this situation is: don't log into pages that you get as links in emails. Go to the site yourself: type in the URL or use your bookmark.
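The first piece of evidence above comes down to which host the password was actually given to. As an added example (not part of the original post), this JavaScript check compares a page's host with the site you meant to log in to; the function names and every sample URL are constructed for illustration, and only the my3gb.com domain comes from the post.

```javascript
// Added example: does this login page's host really belong to the site the
// user thinks they are signing in to? All sample URLs below are constructed.
const EXPECTED_SITE = "twitter.com"; // the site the user intends to log in to

// Returns { ok, host, reason } for a URL taken from a link or the address bar.
function checkLoginOrigin(rawUrl, expectedSite = EXPECTED_SITE) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { ok: false, host: null, reason: "unparseable URL" };
  }
  // URL.hostname is lower-cased and excludes any "user@" prefix, so
  // "twitter.com@my3gb.com" resolves to the host my3gb.com.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Accept the exact host or a true subdomain. The leading "." in the suffix
  // test rejects look-alikes such as "nottwitter.com".
  const sameSite = host === expectedSite || host.endsWith("." + expectedSite);
  return sameSite
    ? { ok: true, host, reason: "host belongs to " + expectedSite }
    : { ok: false, host, reason: "password would go to " + host };
}

// Constructed sample URLs: two genuine-looking hosts and four impostors.
const SAMPLE_URLS = [
  "https://twitter.com/login",
  "https://MOBILE.twitter.com./session/new",
  "http://my3gb.com/constructed-path/login.html",
  "http://twitter.com.my3gb.com/login",
  "http://twitter.com@my3gb.com/login",
  "https://nottwitter.com/login",
];

// Classify every sample and return the results for inspection.
function classifySamples() {
  return SAMPLE_URLS.map((u) => ({ url: u, ...checkLoginOrigin(u) }));
}

for (const r of classifySamples()) {
  console.log((r.ok ? "OK     " : "REJECT ") + r.url + "  (" + r.reason + ")");
}
```

A browser's password manager makes the same comparison when it files a saved password under the host that received it, which is why the Firefox prompt names my3gb.com rather than twitter.com.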

Thanks "Just_this_time"

Tom Kelchner
