"how did u not seee them tapping u" Twitter DM leads to Phishing page

Did you receive a DM from a friend on Twitter saying "how did u not seee them tapping u"? Be careful if you got this message: the link provided in the DM leads to a phishing page.

Today, one of EHN's readers contacted us regarding the spam direct message. The DM contains the following message:
"how did u not seee them tapping u [facebook_Link]"
The link provided in the spam message is a legitimate Facebook URL "hxxp://". It redirects to 'hxxp://'.

I was surprised to see the page. The Twitter phishing page is being loaded inside the Facebook app. It asks users to log in to watch the video.

If you enter your Twitter credentials on the page, you will be handing over your login details to cyber criminals. The hackers will use your login credentials to spread their phishing attack further by sending DMs to your friends.

After further analysis, we discovered that the phishing page is being loaded and data is being sent to 'tweetcatcher[dot]info'. The domain was registered on 27-Sep-2012 under "gaylordjohnson03[dot]".

There are more than 35 domains registered with this email address. All of them are used for phishing attacks. I've listed some domains here:

"all those receiving odd messages - i did not send them do not open link i do not know what it contains" one of the victims tweeted on Twitter.

We recommend that users not click the links provided in these types of DMs.
