Britain all atweet over Twitter phishing attack

A Twitter phishing attack has hit several prominent British Twitter users

The latest phishing attack on Twitter users swept the U.K. overnight claiming several prominent users.

The result was evident on Friday morning when users woke up to find messages on compromised accounts that read, "hey, i've been having better sex and longer with this here," followed by a link to a Web site selling sexual-performance drugs.

Although the number of people affected is difficult to determine, it made top news on the country's TV networks and news sites perhaps in part because of those affected. They include at least one member of Parliament and several journalists.

Ed Miliband, a British Cabinet member and the country's secretary for energy and climate change, tweeted on Friday morning, "Oh dear it seems like I've fallen victim to twitter's latest 'phishing' scam." The tweet had been removed from his Twitter stream.

Another of those who saw his account hacked was Matt Wells, head of audio at The Guardian newspaper, who tweeted, "Good morning. I am neither female, nor have I been having better sex lately. (Although if there are any offers...). First-time Twitterhacked." The offending tweet was still available on his page at time of writing.

Other reports said BBC correspondent Nick Higham and the country's Press Complaints Commission were also hit.

While some of the accounts are believed to have been hacked by software programs looking for weak passwords, at least some were through Twitter direct messages that tried to entice users to click through to see a message from a young, attractive woman. Upon clicking the link users were taken to a look-a-like Twitter log-in page where they were asked to enter their username and password.

Twitter posted a message to its Twitter Safety channel late Thursday local time warning users to beware of direct messages. "If you get a DM from an enthusiastic lady wanting to converse by IM, please ignore. User is likely compromised & request is spam."

The phishing attack mirrors a similar one a week earlier that saw messages asking "LOL this you?" sent to users.

It's the kind of thing that will persist on social networking services, said Graham Cluley, senior technology consultant at security company Sophos.

"The fact is that social networking accounts have a financial value," he said. "They can be used as a springboard for sending out more spam, malware or selling things."

Users on sites like Twitter and Facebook tend to feel safer when using the sites than others on the wider Internet but should be every bit as aware, he said. Messages received through the sites don't necessarily come from friends, but could be from anyone with access to the account.

Cluley said social networking services were starting to take phishing more seriously but are well behind Web-based e-mail services like Hotmail and Gmail. While those sites often filter messages and links, social networking sites are only just beginning to do so.

The problem can be worse on Twitter because of the 140-character message limit. It encourages the use of URL-shortening services that hide the site's identity., one of the most popular URL shortening services, recently started working with Sophos to scan links, said Cluley, but some others are yet to offer such a service. Many of the messages from Friday's attack were shortened using, a service offered by New Zealand's Bluespark.

"Ultimately it's you, the human, that needs to do [the filtering,] Cluley said. "It's up to you to decide to enter your username and password. Fixing that bug in people's brains is an upgrade we are not capable of."

Join the CSO newsletter!

Error: Please check your email address.

Tags twitterphishingUKsocial engineering

More about BBC Worldwide AustralasiaFacebookHotmailSophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Martyn Williams

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts