Category: Phishing

Not going to Twittertrain.net, just a Phishing attempt!!

Paul

So you want to have even more followers, but you don’t know how to do it?   I’ve talked about [intlink id=”3647″ type=”post”]Getting more followers and tips and tricks to get the people you want[/intlink].  Now let’s talk about this to a point.

There seems to be automatic post going out with:

“OMG WOW Im getting 100s of followers a day, Check out this site: http://twittertrain.net”

[ad]Now going to the site and giving out your password is always a bad idea.   It seems to some people think it is easy to get followers but those who have built up your followers will know just how hard it is sometimes to get more.

I would be willing to guess this is a phishing attempt to get passwords and twitter names for later on.   Some would guess this will just become another way the spammers will use this to [intlink id=”3662″ type=”post”]spread Scareware[/intlink].  I am thinking they want to get your password and save it for later use like this or others where they can get more people to click links and buy there fake products.

Graham Cluely blog post about this website also has a video about the problems associated with website. If you have given out your password, I’d strongly recommend Reseting your password if you can log in just changing the password.

I’d also suggest having [intlink id=”2205″ type=”page”]Anti-virus and Firewalls[/intlink] installed to help prevent any malware that might be on your system now or later on.

If your really desperate for more followers, the best proven way is make friends and communicate.  This will make it easier for people to recommend you to other people.

Twitter and the Acai Berry Spammers

Paul2 Replies

Well According to Sopho’s There seems to have been some hacking going on for the Acai Berry spam. Some of the messages were:

acaiberrytwitterspam1It seems to be a random http://random.CN domain but we’ve talked about this in the past.  Sopho’s isn’t sure how this happen but I have a suspicion that it was a Phishing attack done on the facebook users recent weeks that have the hackers going to other social sites and trying those passwords.

[ad]Although I agree with Sopho’s on making sure not to have a dictionary word, I also think users should take care of all your online accounts.   As most people will become aware of is most users use only one password for all their accounts online or only have 3 different passwords for 20 different sites.  This is something that needs to change and you can do that with [intlink id=”2646″ type=”post”]Roboform[/intlink] to keep your passwords safe and also to make sure they can’t guessed.

If you have been compromised on t witter and only use one password, you can bet all you other accounts have been compromised as well.  You should change your passwords as soon as possible.   You should also make sure in the future not to be tricked into giving out your password which is called Phishing, in which a site with a different url is made to look like Twitter, Facebook, and Myspace log in page.

New Facebook Phishing campaign!

Paul

According to Sans Internet Storm,  They have seen some signs of a new Phishing campaign like the[intlink id=”3419″ type=”post”] Look at this Phishing campaign[/intlink] that went through a few weeks ago.  At the time of writing that report they weren’t being resolved they now are being resolved making you look like you are logging into Facebook:

Phishing look a like!! Phishing look a like!!

[ad]Sites that are hosting these are in Belgium and are Redbuddy.be, Redfriend.be, and picoband.be.     If you recieve this with these urls you best thing you can do is just to delete them.   Some people have said it is using the term “look at this” I am unsure as to is or not but you can usually tell because of the the URL and if it isn’t Http://www.facebook.com or Https://www.facebook.com then you aren’t logging into Facebook but are logging into a fake site.

We’ve talked about [intlink id=”2644″ type=”post”]why criminals want to use your account and why they need to get your passwords[/intlink].  I know they want to take control of your account for one reason or another but that is where the Facebook users need to keep watch on the URLS being displayed when you log into Facebook.    If you did that then you are one step ahead of the nefarious criminals and can be at peace.  Just like the Look at this campaign if you did visit those sites and given out your password it is strongly recommended to reset your password.

Update #1 — More Domains have been created areps.at, greenbuddy.be, vispace.be, whiteflash.be, and bestspace .be . All these domains resolve to 211.95.78.98 And can be determined by going to Http://www.dns.be or http://www.dns.at  .   It looks like the server is hosted in China.  I wouldn’t be surprised if t here were even more domains going to be regestered that were in Belgium!!  On a Side note it seems all these have a malicious hidden iframe in them so “DON”T Visit them unless you know what your doing“.   I suspect that is how they are keep having people post to Facebook about these but that is only my theory!!  (Thanks Sans Internet Storm for all those updates)

Upgrading to Twitter Pro — ztrx.net Phishing attempt in the wild!!

Paul

I just got this alert from a friend of mine and I thought I would share it with you.  It looks like there is a new phishing attempt going on with websites try fool it’s users into going http://ztrx.net and From the looks of it. It looks like this:

twitterprophish1

[ad]The message some users got were:

Upgrade to Twitter Pro – Visit http://bit.ly/[CENSORED] to upgrade your account

It seems that if you get this message on your account you should report it to @Spam and let them know. If you happen to get given out your password it is strongly recommended that you reset your password to prevent any further unauthorize access to your accounts. You should change your password as soon as possible. This is the first attempt they have tried this this weekend so be on the look out for more phishing attempts.

Facebook and Twitter Phishing going on today!

Paul

According to Techcrunch we have one phishing site ground around peoples inboxes on facebook with it say “Check areps.at”.  You go to the site and you will think your at the facebook login but your not.  I wouldn’t suggest going to any of these sites, it has been reported by Phishtank.

[ad]Some of the sites to avoid today are : “nutpic.at, bests.at, areps.at, kirgo.at” each site will make you think your at facebook but this is what most will call a [intlink id=”3419″ type=”post”]Phishing scam[/intlink].  Some other things to avoid are some Twitter phshing going on today as well.

According to Trend Micro there is one where the url looks like it is a twitter url but isn’t (tvviter[dot]com).  The site is what people would call a typosquatting site.   This makes people think they are on twitter but aren’t.   If you go to these to sites and have given out your passowrd, it is strongly recommended that your reset them:

Facebook password reset page

Twitter password Reset Page

If you would like to know more about what phsihing is please check out my blog for more information.  Don’t forget to check out the forums for more information on this or just to talk about anything on your mind.

*Some reports I am seeing is some of these sites might be trying to get you to install the [intlink id=”2249″ type=”post”]Koobface virus [/intlink]so please be careful, will update when I find out more.*