Twitter Phishing Scam exploiting your unhealthy Curiosity

A few days ago, I felt sick to my stomach when I opened the following direct message on Twitter from reporter Greg Bensinger, a person I follow who doesn't follow me.

How would you respond if someone told you that a third person is saying really bad things about you?

In most cases, to satisfy that unhealthy curiosity, you will try to find out what else was said about you before you even stop to question the intentions of the person telling you. That is human nature.

Scammers, who routinely take advantage of human behavioural weaknesses, exploit exactly this curiosity, all the time.

One of the prominent phishing scams circulating on Twitter these days does just that.

The scam sends a Twitter user a direct message (DM) saying "someone on Web is saying really bad things about you or your blog" or "I saw a real bad blog about you, you seen this?". The one-line message is followed by a link. By arousing the user's morbid curiosity, the scam gets them to click the link, land on a page that looks like Twitter, and submit their username and password. The attackers then take control of the account and use it to send out spam tweets for money.

The modus operandi:

It all comes down to the link and the page on which the worried or furious Twitter user lands.

When the user clicks the link in the DM, he or she arrives at what appears to be Twitter's home page, asking them to log back in. Here is the catch: the page may look like Twitter's, but it is actually "" Notice the extra 'l' in the name. The resemblance to the genuine Twitter page and the cleverly placed 'l' keep the phished user unaware. The look of the page proves nothing; the only reliable tell is the hostname in the browser's address bar, and a name that is one letter away from the real one is exactly what the eye skips over.
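As an added example (not code from the original post), here is a small Python check that pulls the links out of a DM and flags hostnames that are only an edit or two away from the legitimate twitter.com, the extra-'l' trick described above. The post does not print the real phishing hostname, so the sample DM uses a constructed lookalike, twiltter.test, on the reserved .test TLD; the trusted-domain list, the sample message and all function names are assumptions made for this example.

```python
"""Lookalike-hostname check for links in a Twitter DM.

Added example, not code from the original post. The post does not give the
real phishing hostname, so the sample DM below uses a constructed lookalike,
"twiltter.test", that inserts an extra 'l' into the legitimate name, the
same trick the post describes. LEGITIMATE and the function names are
assumptions made for this example.
"""
import re
from urllib.parse import urlparse

# Domains the user actually expects to log in to (assumption for the example).
LEGITIMATE = {"twitter.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample DM in the wording the post quotes, with a made-up link.
SAMPLE_DM = ("I saw a real bad blog about you, you seen this? "
             "https://twiltter.test/login")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; one inserted letter costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def split_host(host: str) -> tuple:
    """Return (registrable domain, brand label) for a hostname.

    login.twitter.com -> ("twitter.com", "twitter"). Simplification: treats
    the last two labels as the registrable domain, so multi-part public
    suffixes such as co.uk are not handled.
    """
    labels = host.lower().rstrip(".").split(".")
    domain = ".".join(labels[-2:])
    brand = labels[-2] if len(labels) >= 2 else labels[0]
    return domain, brand


def classify_host(host: str, max_distance: int = 2) -> str:
    """Classify a hostname as 'legitimate', 'lookalike' or 'unknown'.

    'lookalike' covers three tricks: a trusted domain embedded as a subdomain
    (twitter.com.evil.test), the brand name under another TLD (twitter.test),
    and a brand name within max_distance edits (twiltter.test).
    """
    domain, brand = split_host(host)
    if domain in LEGITIMATE:
        return "legitimate"
    for good in LEGITIMATE:
        good_brand = split_host(good)[1]
        if good in host.lower() or levenshtein(brand, good_brand) <= max_distance:
            return "lookalike"
    return "unknown"


def check_message(text: str) -> list:
    """Return (url, hostname, verdict) for every link found in a DM.

    The verdict is based on urlparse().hostname, so a URL such as
    https://twitter.com@evil.test/ is judged by evil.test, not by the
    trusted-looking text before the '@'.
    """
    results = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        results.append((url, host, classify_host(host)))
    return results


if __name__ == "__main__":
    for url, host, verdict in check_message(SAMPLE_DM):
        print(f"{verdict:10} {host:25} {url}")
```

The check deliberately scores only the brand label, not the whole domain, because the scam keeps the familiar name and changes a single letter; the TLD is whatever the attacker could register. Run it on a message and anything reported as lookalike or unknown is a link you type the real address for instead of clicking.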

Security firm Sophos has identified this "real bad blog" / "saying really bad things about you" DM as a Twitter phishing attack making the rounds.


Although many will recommend a good anti-phishing product to protect you from that Twitter phishing site, one of the easiest ways to stay safe from such scams is to use common sense and press delete as soon as something does not add up. In particular, never enter your Twitter password on a page you reached from a link in a DM; if you think you have been logged out, type the address yourself.

If you notice any weird activity on your Twitter account, immediately change the password, verify that the email address linked to the account has not been altered, and revoke access for any third-party applications you do not recognise. Also report it to Twitter.
