Hacked Twitter accounts

Although we are not one of them, a series of Twitter accounts have been compromised through a scam whereby users were led to enter their login details at a fake Twitter site, thus handing account details straight to someone else.

These details were used to send spam through direct messaging. We received three direct messages and notified the users immediately to change their password.

The Register report is here.

As details were handed over unwittingly via a phishing attack, even a strong password wouldn’t have prevented this. So how do you avoid this kind of attack?

A phishing attack is one where the user is lured into handing over account details to a site that looks completely legitimate. The lure can arrive by e-mail, or through a link elsewhere that guides you to the fake site.

Therefore, if you receive anything via e-mail from anyone like Twitter, Facebook, or even the major banks such as Lloyds or HSBC, asking you to click on a link to verify account details (or similar words), the chances are it’s fake, as they, especially banks, will not ask for your personal details via e-mail.

Also, just be wary of the web address you are visiting. ‘twitter.com’ is what you’re looking for. ‘twitter.something.somethingelse.domainname.net’ is not legitimate.
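
The address check described above can be automated, for example in a mail filter or link checker. This is an added example, not code from the original post: the names `TRUSTED_DOMAINS`, `hostname_of` and `is_trusted_login_host` are hypothetical, the sample links are constructed, and accepting subdomains of the trusted domain is an assumption.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only site we intend to log in to.
TRUSTED_DOMAINS = {"twitter.com"}


def hostname_of(url):
    """Return the lower-cased host a browser would connect to, or None."""
    try:
        # .hostname drops any "user:pass@" prefix and the port number.
        host = urlsplit(url).hostname
    except ValueError:
        return None
    if not host:
        return None
    return host.rstrip(".").lower()


def is_trusted_login_host(url, trusted=TRUSTED_DOMAINS):
    """True only if the URL's host is a trusted domain or a subdomain of one."""
    host = hostname_of(url)
    if host is None:
        return False
    # The owner of a host name is decided by its right-hand end, so compare
    # from the right: an exact match, or the trusted name preceded by a dot.
    # A trusted name appearing at the left or in the middle proves nothing.
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample links (not taken from the reported scam).
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session",
    "https://twitter.something.somethingelse.domainname.net/login",
    "https://twitter.com.domainname.net/login",
    "https://twitter.com@domainname.net/login",  # text before "@" is not the host
    "https://nottwitter.com/login",              # shares a suffix, lacks the dot
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "ok" if is_trusted_login_host(link) else "DO NOT ENTER PASSWORD"
        print(f"{verdict:22} {hostname_of(link)}  <- {link}")
```

Only the first two sample links pass; the rest put ‘twitter.com’ somewhere other than the right-hand end of the host name.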

Check these reports on the Sophos website, here and here.
If you are a supported client and you are ever unsure, give us a call.
