Over the weekend we saw a link being pinged around in various chatrooms, which was directing users to a “mobile” version of Twitter. The page was a phish located on a free webhost:
What particularly caught my eye was when I dug around on Twitter itself for the URL. Check out these posts from 2009:
We have a Twitter account with “Facebook” in the name (a dirty big clue that something isn’t right here), sending out links to a “lighter version of Facebook”…which takes you to the fake Twitter page.
I’m sure it made sense to the creator at the time, but anyway. This was a clear attempt to grab some high profile accounts and use them for shenanigans:
Warren Sapp, retired American Football player.
Alison Sudol, singer / songwriter with a rather large follow count.
Pete Wentz from the band Fall Out Boy, with an even bigger collection of followers.
It doesn’t look like any of them ever sent out spam, infection or phish links so hopefully they didn’t take the bait – there could have been a bit of a Fall Out (oh ho ho) from that eventuality. The phish URL had quite a bit of action going on:
Fake Facebook and Twitter pages, along with a stolen password page for each. Luckily neither password dump appeared to have any valid accounts in them – everything we saw was either random garbage or humorous and entertaining messages left for the phisher, usually with a record number of swearwords thrown in for good measure.
Of course, we’ve reported all of the above and while the rogue Twitter account is still live (though probably not for long), the URL it happens to be pointing to looks like this:
Click to Enlarge
“The site in question was violating our ToS and was removed”.