Thousands of Twitter users are finding that their accounts have been compromised, and are posting messages advertising a website which claims to help users attract more followers.
A typical message reads:
CHECK out this site, im a member of it, It gets you more followers: http://tinyurl.com/[removed]
Clicking on one of these links takes you to the Twtfaster website, which asks you to enter your Twitter username and password.
Of course, regular readers of the Clu-blog know that it’s never a good idea to hand over your login credentials to a third party, and that’s the case with this site too. Curiously, when I entered bogus information on the above screen it didn’t display an error message – suggesting that it might be created simply to scoop up users’ login details. Hmm.. that smells worryingly like a phishing attack to me.
Further investigation finds some small print on the Twtfaster website that suggests that they plan to use your account…
Read more in my article on the Naked Security website.