Sophos is warning users about the latest wave of cyber crime spreading across Twitter – a phishing attack designed to steal login details and hijack accounts.
Messages asking, "This you????", followed by a link to a bogus Twitter login page, have caused such a scare on the micro-blogging network that the phrase is currently a hot trending topic on the site.
The attack, which is the latest in a storm of phishing attacks that have occurred on Twitter since the weekend, is designed to steal passwords and could use hijacked accounts to spread money-making spam campaigns, steal identities and distribute malware.
The "This you????" messages are accompanied by clickable links which take unsuspecting users to a fake Twitter login page. Users, who are tricked into believing they might see a picture or information about themselves, may enter their username and password without thinking about the possible consequences.
"Twitter users have been battered with phishing attacks in the last few days, all taking advantage of people's curiosity," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa. "If you click on the link and enter your details you could be handing your online identity over to hackers. They can not only use your username, email address and password to spread more attacks via Twitter, but can also try your credentials at many other websites – potentially opening your other online accounts to abuse. Anyone hit by this kind of attacks must change their passwords immediately."
Myroff adds that crime on social networks is on the rise. "We saw a 43% rise in the number of people reporting being phished via such sites in the last 12 months, and the way things are looking that figure can only go up. As social networks grow in size and power, more and more hackers will be attracted to committing crimes via these sites."