By Cesar Ortiz
In this variation of the "scare" scam, attackers try to steal your user name and password, and with those credentials take control of your account for hidden criminal activity. Users receive a message from one of their friends passing along the "news" of a possible monetary charge for the social service. The attackers apply social engineering carefully: they never mention a final decision to charge, only a "possibility", so users assume there is no harm in signing such a petition. The research firm Sophos originally warned of the scam. In the scam scenario, one of your friends who has already fallen for the scam will unknowingly send you a message post that says:
"Twitter might start to charge in October, sign this petition to keep the service free! -URL- http:/bitly.zxxx[Link]”
Let's pretend for a moment that you are the victim. When you click on the short link to access the petition, a problem "appears" to occur. You are presented with a very professional-looking Twitter frame, complete with logo and the correct colors and typefaces (a fake). In that window you are warned that your session has timed out and that you need to "re-authenticate" and log in again. Users will "need" to proceed and type their user name and password into the fake Twitter window. As soon as the user clicks the login button, a hidden script sends the same scam message to all of his or her friends, propagating the scam. The same script records your credentials.
Needless to say, the "petition" is never shown. Unsuspecting users who clicked the short link should expect that many other unknown actions may take place from that point on, since the criminals now hold the user name and password. Users who fall into this trap should move quickly and do the following:
(1) Change your password immediately.
(2) Go to the Twitter website using a PC, if you can, and revoke any application whose name relates to the scam; then revoke and delete any unknown posts, photos, APIs, friends or anything else that does not look familiar to you. Remember, the scammers had full access to your account, and a malicious script can create and post anything using hidden malware. Be on the lookout for scam e-mails and scam phone calls. Take your time on this task. Twitter is aware of this scam and is taking measures to block it, warn users and mitigate the damage, but scammers change the location of their DNS servers and URLs very quickly to keep the scam alive.
(3) Notify your friends of the scam and help them clean up the mess. Make sure you mention that you did not send the scam-related post willingly, but unknowingly.
(4) Run your antivirus in full-scan mode and make sure the antivirus program is set to "Real Time" scanning.