Video of Twitter Phishing: The BZPharma ‘LOL this is funny’ Attack

A phishing attack that began striking U.S. Twitter profiles last weekend is still going strong and isn’t showing any signs of letting up. As VentureBeat reports, the scam operates through a direct message reading, “Lol. this you?” Once users click on it, they’re sent to a fake Twitter login page, where they could be tricked into revealing their login and password.

The DM Messages include

Lol. this is me??
lol , this is funny.
Lol. this you??

followed by a link in the form of

http://example.com/?rid=http://twitter.verify.bzpharma.net/login

Do we need to mention that if you get a message like this, DON’T click on it?

Here ‘example.com’ can vary. As we have seen many variations of the URL in its entirety, you would be wise to avoid clicking on any links which refer to bzpharma.net at the very least.

After the first attack wave, however, the phishers are now using the compromised accounts to send out spam, which resulted in a huge amount of V!agra-related messages on Twitter, which read something similar to this: “Get bigger and have s3x longer. go here”, followed by an address that leads to a s3xual enhancement site.

IT security firm Sophos now has detailed info on the attacks and here is a video describing this Phishing scam:

Sophos researchers discovered that although the main wave of poisoned messages has been via private direct messages between individual users on Twitter, dangerous links are also being posted in public feeds. This means that innocent users can stumble across the links even if they are not sent it directly, or even if they are not a signed-up user of Twitter.

“This phishing attack has been causing headaches for Twitter users all weekend, resulting in thousands of users being put at risk of having their account broken into,” said Graham Cluley, senior technology consultant at Sophos. “It appears what is happening is that the messages are being shared more widely because of third-party services like GroupTweet which extend the standard Twitter direct message (DM) functionality and allow private messages to be sent to multiple users and optionally made public,” continued Cluley. “This has resulted in the bizarre site of Twitter accounts warning their followers about the phishing attack, only to subsequently fall victim to it themselves.“

Sophos also reports that the site being used for the Twitter phishing has also been constructed to steal information from users of the Bebo social network. Affected users are advised to change their passwords immediately.