Many users of twitter were tricked to divulge their login and password information to a site called TwitterCut, which in turn spammed all the received contacts. Once the social platform users provided their information, they received messages that seemed to have been sent by a friend, with a link to TwitterCut website. This message stated that it was possible to get more Twitter contacts just by following the link.
The same message was sent to all contacts of the victims who had entered their login details. This resembled a worm-like phishing attack where no malicious software was installed on the victim's machine.
However, although TwitterCut has the login details of many accounts, these accounts were not used to spam out links to dangerous websites. All this has led to TwitterCut's website being blacklisted as a potentially harmful website. The site is still active, and the site operators have delivered a bulletin stating that they had not meant to phish people.
Planned to start a train
Their objective was to start a Twitter Train, a site that gives the social platform users lots of followers. As the site had no intention of phishing, Twitter accounts and all the confusion that has taken place recently, the site operators are planning to shut down the site.
TwitterCut is a relatively new site, which was open for less than three days, and doesn't even have all its features running yet. It was the indexing of the site by Google's search engines that had brought huge numbers of the social network users to it.
Moreover, TwitterCut's site operators informed its users that they would be sending a message to the users' friends. So this meant that what TwitterCut did was not actually spam.
9,000 unique hits in a day
TwitterCut site's owner Embry says that he plans to scuttle the domain as it was blacklisted, and that they were not interested in retaining the login details of all its users. However, Embry has ideas of creating another service that lets Twitter users get as many followers as possible, as it was making money from ads. Miraculously, TwitterCut received 9,000 unique hits on a single day, Tuesday.
To prevent such phishing incidents in future, the social platform is advised to be on the lookout for spam signs and to screen URLs to ensure that they don't get blacklisted for security reasons.
After acknowledging the phishing problem on Tuesday night, Twitter has decided to have the password reset on accounts that they believe were caught in phishing scams. The company states that the user has to their judgment when providing their username and password to third parties.
The same message was sent to all contacts of the victims who had entered their login details. This resembled a worm-like phishing attack where no malicious software was installed on the victim's machine.
However, although TwitterCut has the login details of many accounts, these accounts were not used to spam out links to dangerous websites. All this has led to TwitterCut's website being blacklisted as a potentially harmful website. The site is still active, and the site operators have delivered a bulletin stating that they had not meant to phish people.
Planned to start a train
Their objective was to start a Twitter Train, a site that gives the social platform users lots of followers. As the site had no intention of phishing, Twitter accounts and all the confusion that has taken place recently, the site operators are planning to shut down the site.
TwitterCut is a relatively new site, which was open for less than three days, and doesn't even have all its features running yet. It was the indexing of the site by Google's search engines that had brought huge numbers of the social network users to it.
Moreover, TwitterCut's site operators informed its users that they would be sending a message to the users' friends. So this meant that what TwitterCut did was not actually spam.
9,000 unique hits in a day
TwitterCut site's owner Embry says that he plans to scuttle the domain as it was blacklisted, and that they were not interested in retaining the login details of all its users. However, Embry has ideas of creating another service that lets Twitter users get as many followers as possible, as it was making money from ads. Miraculously, TwitterCut received 9,000 unique hits on a single day, Tuesday.
To prevent such phishing incidents in future, the social platform is advised to be on the lookout for spam signs and to screen URLs to ensure that they don't get blacklisted for security reasons.
After acknowledging the phishing problem on Tuesday night, Twitter has decided to have the password reset on accounts that they believe were caught in phishing scams. The company states that the user has to their judgment when providing their username and password to third parties.
Source...