Twitter users targeted by BZPharma phishing attack

The latest attack on Twitter users took the form of the fascinatingly curiosity-raising phrase “Lol. This you??” and it’s variants “Lol. this is me??” and “Lol, this is funny.”

Apparently, there are people out there who still can’t resist such invitations or click on links without thinking or taking a good look at them. If they did, they would notice that the URL is not the true Twitter login page, but one that will redirect them to a phishing page located at http://twitter.verify.bzpharma.net/login:

But, even if the user follows the link, no harm is done if Twitter login credentials aren’t entered and the “Sign In” button clicked on. But, once this is done, the user can look forward to his account being used for propagation of pharmaceutical spam.

This fake login process is cleverly executed not to raise immediate suspicion in the user. Upon signing in, the so-called “fail whale” – Twitter characteristic message that let’s you know the service is currently working over capacity – is shown, and the user is redirected to the legitimate Twitter homepage.

Graham Cluley reports that the interesting thing about this attack that some people who noticed it and warned other users, had the offending message published on their feed because services like GroupTweet allow private messages to be sent to users and (optionally) be published on the recipient’s feed.

Users are advised to change their passwords as soon as they notice their account is used for spam, but also to change their password regularly to minimize the possibility of such misuse.