Security phish strikes a bum note

Crooks tune in to net unwary

Fraudsters have launched an attack which aims to trick users into handing over their login credentials.

The assault is the latest example of cybercrooks applying phishing techniques towards Web 2.0 sites, such as Twitter and, as well as the traditional targets of online banking and ecommerce sites. Part of the reason for this could be that some surfers tend to use the same passwords for low sensitivity sites, such as, as well as more sensitive locations, such as webmail and even online banking accounts.

The attack against users starts with a message to their shoutbox that typically says “hey - check out this blog with ur pic" and an abbreviated URL. Music fans who follow the link are redirected to a faked login screen.

The domain associated with the attack is hosted in China and associated with several previous login harvesting attacks, Trend Micro reports. Trend's write-up of the attack, including screenshots, can be found here. ®

Sponsored: Data Loss Prevention & Data Theft Prevention