Twitter Phishing Attack Hooks UK Cabinet Minister - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Operating Systems
01:07 PM
Connect Directly

Twitter Phishing Attack Hooks UK Cabinet Minister

The company is warning people not to surrender personal details to fake Twitter login pages.

A phishing attack on Twitter has claimed several high-profile victims including a British cabinet minister and a bank.

Ed Miliband, the U.K's Secretary for Energy and Climate Change, on Friday found his Twitter account sending out spam tweets promoting sexual enhancement products.

U.K.-based security company Sophos says that Miliband appears to have been duped into revealing his login and account details by a series of attacks identified earlier this week.

The attack relies on the phrases "This You????" or "LOL this is funny" to get Twitter users to click on phishing links.

Those links take victims to a look-alike Twitter login page that turns entered information over to the cybercriminals behind the campaign.

Twitter on Wednesday posted a warning about this particular scam. "If you receive a DM or see a message with a phrase like 'This you??' or 'LOL is this you' followed by a link, please do not click through; there's a phishing site on the other side," the company said on its status page.

First Direct, an Internet and telephone banking subsidiary of HSBC Bank, on Friday acknowledged being victimized in a Twitter post: "Hi all, I'm sure you can tell, but we were hacked last night - please disregard any inappropriate tweets that purport to come from us!"

Recognizing the potential brand damage, the bank quickly clarified that only its Twitter account had been compromised and that no customer personal data had been revealed.

Other victims in the U.K. reportedly include Labour party deputy leader Harriet Harman and journalists from the BBC and The Guardian.

F-Secure, a security company based in Helsinki, Finland, attributes spammers' interest in compromised Twitter accounts to recent efforts by Google, Microsoft, and Yahoo to integrate nearly real-time data, like Twitter posts, into search results lists. This allows spammers to use Twitter and other social communication tools to target keywords associated with current news events, in order to secure prominent placement for their malicious links.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Gartner Forecast Sees 7.3% Shrinkage in IT Spending for 2020
Joao-Pierre S. Ruth, Senior Writer,  7/15/2020
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll