Tumblr users have been targeted with an aggressive phishing campaign in the last week or so and are still being lured into entering their login credentials for access to adult content.
And it seems that the scheme is working very well – GFI researchers have accessed one of the dropzones for the stolen credentials and have discovered a massive amount of data.
What makes this phishing scheme stand out from others is the fact that the scammers are using the compromised Tumblr accounts to set up more and more phishing pages:
Various domains were also used to perpetuate the scam, including tumblriq(dot)com, tumblrlogin(dot)com and tumblrsecurity(dot)com – all registered in the last few weeks to bogus clients.
“The problem has become so pervasive that regular Tumblr users are setting up dedicated anti phishing sites to advise users of the problem,” say the researchers.
Also, Tumblr has created an automated reply for people reporting the scheme, in which it advises affected users to reset the password for their account, to remove the fake login template by choosing a new theme and to “unfollow” all the blogs their account is following thanks to the scammers.
“What does somebody want with that many Tumblr logins?” ask the researchers. “We can only guess. The stolen accounts could be used as some form of advert affiliate money making scam, or maybe we could see lots of pages with survey popups pasted over them. There is the very real possibility that the Tumblr accounts are simply a way to test if those users are logging into other services with the same credentials – at that point, everything from email accounts to internet banking sites could be fair game.”