Cyber-criminals are trying sophisticated attacks: Trick Twitter into sending you a valid email (or watch for when they do) and then send out their own identical but fake emails.
What happened this weekend is a variation on techniques cyber criminals have tried before. They provoked Twitter into sending out emails, and then sent their own, fake email out after the real ones started to go out. The fake email is a spam posing as a Twitter Password Reset Notification.
To learn more about how to safely change or reset your password, visit the following Twitter help topics:
What happened?
- There was an attack on many Twitter accounts.
- Twitter reset the passwords of many accounts and sent an email with a link to reset those passwords.
- The criminals then sent out their own email with a link, looking exactly like Twitter’s email.
Clicking the real link in the real email let you reset your password. Clicking the link in the fake email takes you to a compromised web site that prompts you to download a malicious executable named password.exe (source). The fake email looks like the real one:
To learn more about how this attack works, see:
{ 1 comment… read it below or add one }
It’s sad when people find something good there is always someone who wants to do bad with it. If we keep each other updated at least we can try to stop it from happening.
I wouldn’t think anyone would fall for that but then again that must be what they were planning.
I suppose we will have to keep mind what is right and off center.
Thanks for the update.
{ 1 trackback }