Gone Phishing

There is a Twitter phishing scam going around at the moment that I’m unhappy to say I fell right into.  This quick post is just a warning to anyone who reads it to hopefully help them not do the same thing.

I’d been off the grid for a few days so I hadn’t heard the news about this scam, but it’s been floating through the Interwebs for 2 days apparently.  It did strike me as odd when I clicked on it that I had to relog in to Twitter, but I’d been playing with different browsers so the fact that it was asking me for a password didn’t seem all that unusual.  Of course, I should have taken more notice of the URL that was in the address bar, but I was too late.

I got a direct tweet from John Pearce that said…
“fixed it.. hehe here is that blog i wanted to show you http://twitterblogs.access-logins.com/login” 

I know John. I trust John. So I clicked it.  It asked for a password, which as I mentioned, was not unusual considering I was trying a new browser (so the password wouldn’t have been already saved in it).  I realised what I’d done almost immediately but by that stage it was already too late.  Bugger!

Since then I’ve had a steady stream of people informing me that my Twitter has been compromised and I’ve now updated the password.  Thanks for the heads up folks.  It’s all fixed now.  And judging by the talk on Twitter, I’m not the only one to fall for this scam.

What I found interesting is how easily we can be tricked when there is an element of trust involved.  I’m normally pretty vigilant about suspicious files and links, but I didn’t really question the offending tweet, since I trust John Pearce.  It goes to show the sort of damage that can be inflicted when the troublemakers are able to bring phishing down to a really personal level.

CC BY-SA 4.0 Gone Phishing by Chris Betcher is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

One Reply to “Gone Phishing”

  1. Yo Chris,

    You’ll be pleased to know that you were not the only one phished, (as well as durr me). Sorry ’bout that ‘cos just like you I am usually so alert to these types of things, (I’m always the one that rains on the parade of colleagues who want to share those heartwarming messages about miracle cures caused by dolphins who are owned by adorable single women in Russia and who also have bank accounts in obscure African countries via Snopes). Coincidentally my wife has just checked her junk email and lo there was a DM to her, (now summarily dismissed). As to rationalising how I was taken in on this one again I can only suggest a mixture of trust re Twitter colleagues and being on hols in balmy beach weather :). Again apologies….
