Phishing: The Easy Way to Compromise Twitter Accounts

Last week, Twitter announced that the details of around 250,000 of its users may have been compromised before it discovered and stopped an attack on its network. There is not much you can do when attackers go straight to the service provider to try to steal your data; however, it is also common for attackers to approach the end user in order to obtain account details. Phishing is a popular tactic used to steal account details this way. When thinking of phishing attacks, people usually think of bank account or credit card details as the type of information that is stolen, but social network account details are also a popular commodity for attackers.

Attackers see phishing on social network sites as an easy way to trick users into giving their credentials away. So let me take this opportunity to go over one particular attack that has been taking place on Twitter over the last few months and show you how this type of scam works.

It starts out with spam in the form of a direct message (DM) or a tweet that asks the user to click on a link in order to view a picture of them.

Figure 1. Spam message

If the link is clicked, the browser is directed to a page that informs the user that they need to sign in to their account to proceed. The page looks like it belongs to Twitter, but it is actually a phishing page hosted on a server prepared by the attacker.

Whatever is entered into the login fields, whether the credentials are correct or not, the user is sent back into their session as if nothing had happened.

Figure 2. Fake Twitter login page used in phishing attack

However, another fake page first informs the user that the page they were attempting to visit does not exist. The page then redirects back to the legitimate Twitter site, and the user is unaware that anything malicious has taken place.

Figure 3. Fake page purporting that the page the user was looking for does not exist

Looking at the network data captured during one of these phishing attacks, you can see that the stolen account details were posted to the attacker's server, the same server hosting the fake Twitter login page.

Figure 4. Network data showing location stolen data is sent to
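The tell-tale sign in that network data is a login form being submitted to a host that is not Twitter's. The following is an added example, not code from the original post, that scans a constructed capture of requests (method, URL, form body, one per line) and flags credential-looking form fields posted to any host outside the assumed legitimate domain list; note that the host check is anchored on the domain suffix so that a look-alike such as twitter.com.login-verify.example is still flagged.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample of captured requests, one per line: METHOD URL FORM_BODY
# ("-" when the request carried no body). Not real captures from the attack.
SAMPLE_CAPTURE = """\
GET https://twitter.com/home -
POST https://twitter.com/sessions username=alice&password=hunter2
POST http://twitter.com.login-verify.example/sessions username=alice&password=hunter2
POST http://203.0.113.5/t/login.php session[username_or_email]=bob&session[password]=s3cret
POST http://cdn.example/beacon id=42
GET http://203.0.113.5/404.html -
"""

# Assumption: only the apex domain and its subdomains may receive Twitter credentials.
LEGIT_DOMAINS = ("twitter.com",)
# Form field names that usually carry credentials.
CREDENTIAL_FIELD = re.compile(r"pass|pwd|user|email|login", re.IGNORECASE)


def is_legit_host(host):
    # Anchor on the suffix: a substring or prefix check would accept look-alikes
    # such as twitter.com.login-verify.example.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def credential_fields(body):
    # Names of URL-encoded form fields that look like credentials.
    if body == "-":
        return []
    return [name for name in parse_qs(body, keep_blank_values=True)
            if CREDENTIAL_FIELD.search(name)]


def find_credential_leaks(capture):
    # Flag POSTs that send credential-looking fields to a host outside LEGIT_DOMAINS.
    findings = []
    for line in capture.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "POST":
            continue
        _, url, body = parts
        host = urlsplit(url).hostname or ""
        fields = credential_fields(body)
        if fields and not is_legit_host(host):
            findings.append((host, fields))
    return findings
```

Running `find_credential_leaks(SAMPLE_CAPTURE)` reports the look-alike domain and the bare IP address, while the genuine login to twitter.com and the credential-free POST are left alone.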

Later, the account will be hijacked and used to distribute spam that leads to sites such as the one shown in Figure 6 advertising diet supplements.

Figure 5. Spam message

Figure 6. Advertisement that some spam messages link to

Many of you may be watching out for phishing attacks when it comes to entering your bank account or credit card details online, but you may not be as cautious when entering account details for social networking sites. The attackers are aware of this and use it to their advantage. The end result in the example discussed in this blog is not incredibly severe, but much more damage can potentially be inflicted depending on the machinations of the attackers.

As mentioned earlier, there is not much you can do when it comes to hackers attacking the service provider to steal your data, but you can definitely protect yourself from scams such as phishing.

Always be suspicious of links sent from unknown users. Also, accounts are hacked all the time, so even if a link is sent from someone you know, that does not mean it is safe. It is also recommended that users install security software that protects against phishing attacks, such as Norton Internet Security.

You can also make sure your online accounts are more secure by using passwords or passphrases that are difficult to guess and are not in the dictionary. Ideally a combination of upper and lower case letters, numbers, and special characters should be used. It is also recommended that different passwords be used for each account; that way, even if one account is compromised, the others will stay safe.