Twitter phishing attack in progress — don’t click on “lol, is this you??”

If you receive a direct message on Twitter that says, “lol, is this you,” don’t click it. The link will put up a fake Twitter login page, potentially tricking you into giving the phisher your Twitter login and password.

The phishing messages look like this:

“Lol. this you?? http://divinelink.net/?rid=http://twitter.verify.bzpharma.net/login”

Warnings of the attack began circulating on Twitter in the U.S. on Saturday afternoon. “The attack appears to be utilizing the SmartName domain parking service, which allows redirects to third-party sites,” said Jesse Stay, founder of the SocialToo Twitter enhancement service. “The DMs appear in the form of a legit URL, followed by something to the effect of ?rid=http://twitter.verify.bzpharma.net/login in the URL. Those URLs redirect to the latter URL, which is a phished site that looks like the Twitter login page.”
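The redirect pattern Stay describes (a legitimate-looking parked domain whose `?rid=` parameter carries the real destination) is something a DM filter can check for. The following is an added example, not code from the article or from SocialToo: it pulls the URLs out of a message, unpacks any URL-valued query parameters, and flags hosts that contain the brand name without belonging to the brand's real domain. The function names, the sample messages other than the quoted lure, and the `LEGIT_DOMAINS`/`BRAND_TOKENS` lists are assumptions made for the example.

```python
import re
from urllib.parse import urlparse, parse_qsl, unquote

# Constructed sample DMs. The first mirrors the lure quoted in the article;
# the other two are made up so the checks have benign input to pass.
SAMPLE_DMS = [
    "Lol. this you?? http://divinelink.net/?rid=http://twitter.verify.bzpharma.net/login",
    "see you at the meetup, http://twitter.com/example_user",
    "new post up http://example.org/blog?ref=http://twitter.com/share",
]

# Greedy match so a URL that embeds another URL is captured as one token.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
TRAILING_PUNCT = ".,;:!?)\"'"

# The brand being impersonated (assumed for this example) and its real domain.
LEGIT_DOMAINS = {"twitter.com"}
BRAND_TOKENS = ("twitter",)


def embedded_redirects(url):
    """Return every query parameter value of ``url`` that is itself a URL.

    This is the open-redirect shape in the lure: host/?rid=http://other-site.
    """
    parsed = urlparse(url)
    targets = []
    for _, value in parse_qsl(parsed.query, keep_blank_values=True):
        value = unquote(value)
        if value.lower().startswith(("http://", "https://")):
            targets.append(value)
    return targets


def is_lookalike(host):
    """True when the hostname carries a brand token but is not the brand's domain.

    ``twitter.verify.bzpharma.net`` is flagged; ``api.twitter.com`` is not,
    because only the registrable domain decides ownership, not the subdomain.
    """
    host = host.lower()
    if host in LEGIT_DOMAINS or any(host.endswith("." + d) for d in LEGIT_DOMAINS):
        return False
    return any(token in host for token in BRAND_TOKENS)


def classify_dm(text):
    """Return a list of (url, reason) findings for one DM; empty means not flagged."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(TRAILING_PUNCT)
        host = urlparse(url).hostname or ""
        if is_lookalike(host):
            findings.append((url, "lookalike host: " + host))
        # Follow the redirect parameter statically; never fetch the link.
        for target in embedded_redirects(url):
            target_host = urlparse(target).hostname or ""
            if is_lookalike(target_host):
                findings.append((url, "redirect to lookalike host: " + target_host))
    return findings


def flagged_messages(dms):
    """Return the subset of messages that produced at least one finding."""
    return [dm for dm in dms if classify_dm(dm)]


if __name__ == "__main__":
    for dm in SAMPLE_DMS:
        for url, reason in classify_dm(dm):
            print(f"FLAG {reason}: {url}")
```

The check is purely static: it inspects the link text and never requests the parked domain, so running it over a DM inbox does not touch the redirector. A production filter would also unshorten t.co-style links before applying the same logic, since a shortener in front of the parked domain hides both hosts.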

Stay was happy to point out that SocialToo’s automatic spam filtering for Twitter direct messages blocks the attack automatically for his customers. As of 6 pm Mountain time in Stay’s native Salt Lake City, he said SocialToo had blocked more than 600 of the messages. “To enable the Phishing protection on SocialToo,” he wrote, “users have to either enable the DM E-mails in their preferences (these replace Twitter’s DM E-mails and will be a premium feature in the future), or create at least one DM Filter in their preferences.”

“These numbers are still going up as we speak,” Stay added, “so Twitter has still not put an end to the problem.”
