Twitter recently announced that the details of around 250,000 users may have been compromised before it discovered and stopped an attack on its network. Over the past few months, the Symantec response team has observed one particular attack taking place on Twitter.
It starts out with spam in the form of a direct message (DM) or a tweet that asks the user to click on a link in order to view a picture of them.
If the link is clicked, the browser is directed to a page that informs the user that he needs to sign in to his account to proceed. The page looks like Twitter's login page, but it is actually a phishing page hosted on a server prepared by the attacker.
Whatever is entered into the login fields, correct or incorrect credentials, the page accepts it and the user appears to be back in his session. A second fake page then informs the user that the page he is attempting to visit does not exist, and redirects back to the legitimate Twitter site, so the user is unaware of anything malicious having taken place. Later, the account is hijacked and used to distribute spam that leads to advertising sites.
Symantec advises users to always be suspicious of links from unknown senders. Accounts are hacked all the time, so a link received from someone you know is not necessarily safe either. It is also recommended that users install security software that protects against phishing attacks, such as Norton Internet Security. To make your online accounts more secure, use passwords or passphrases that are difficult to guess, ideally a combination of upper and lower case letters, numbers, and special characters.
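The two tells of the phishing page described above are a hostname that imitates the brand without being its real domain, and a login form that posts credentials to a host the brand does not own. The following script, an added example that is not code from the Symantec post, runs both checks over a link and the HTML of the page it lands on. The list of legitimate domains, the two-label approximation of a registrable domain, and the sample URLs and HTML are all assumptions constructed for the demonstration.

```python
# Added example (not from the Symantec post): defender-side heuristics run over a
# link received in a DM and the HTML of the page it lands on. They flag the two
# signs of the phishing page described above: a hostname that imitates the brand
# without being its real domain, and a password form whose credentials are posted
# to a host that is not the brand's. All domains and HTML below are constructed.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: the brand's own registrable domains (illustrative list, not exhaustive).
LEGIT_DOMAINS = {"twitter.com", "t.co"}
BRAND = "twitter"


def registrable_domain(host: str) -> str:
    """Naive registrable domain: the last two labels (assumption: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def impersonates_brand(url: str) -> bool:
    """True when the brand name appears in the hostname but the registrable domain
    is not one of the brand's. Catches e.g. twitter-verify.example.net; homoglyph
    tricks such as 'tvvitter' are out of scope for this simple check."""
    host = urlparse(url).hostname or ""
    if registrable_domain(host) in LEGIT_DOMAINS:
        return False
    return BRAND in host.replace("-", "").replace("_", "")


class LoginFormFinder(HTMLParser):
    """Collects every <form> and records whether it contains a password field."""

    def __init__(self) -> None:
        super().__init__()
        self.forms = []          # each entry: {"action": str, "has_password": bool}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # valueless attributes arrive as None
        if tag == "form":
            self._current = {"action": a.get("action", ""), "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and a.get("type", "").lower() == "password":
            self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def credential_sinks(page_url: str, html: str) -> list:
    """Hosts that password-bearing forms on the page submit to."""
    finder = LoginFormFinder()
    finder.feed(html)
    hosts = []
    for form in finder.forms:
        if form["has_password"]:
            target = urljoin(page_url, form["action"])   # relative actions resolve against the page URL
            hosts.append(urlparse(target).hostname or "")
    return hosts


def assess(page_url: str, html: str) -> list:
    """Return human-readable findings; an empty list means neither heuristic fired."""
    findings = []
    if impersonates_brand(page_url):
        findings.append(f"hostname imitates {BRAND} but is not a {BRAND} domain: {urlparse(page_url).hostname}")
    for host in credential_sinks(page_url, html):
        if registrable_domain(host) not in LEGIT_DOMAINS:
            findings.append(f"password form posts credentials to non-{BRAND} host: {host}")
    return findings


# Constructed sample of a landing page like the one described in the post.
PHISH_URL = "http://twitter-verify.example.net/login"
PHISH_HTML = """
<html><body>
<form method="post" action="post.php">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form>
</body></html>
"""

# Constructed sample of a login form on the brand's own domain (should produce no findings).
LEGIT_URL = "https://twitter.com/login"
LEGIT_HTML = '<form method="post" action="/sessions"><input type="password" name="p"></form>'

if __name__ == "__main__":
    for url, html in ((PHISH_URL, PHISH_HTML), (LEGIT_URL, LEGIT_HTML)):
        print(url, "->", assess(url, html) or ["no findings"])
```

Run stand-alone, the script reports two findings for the constructed phishing page (lookalike hostname, credentials posted off-brand) and none for the page on the brand's own domain. A production check would swap the two-label domain approximation for a public-suffix list and add homoglyph handling; the structure of the checks stays the same.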
Source: Symantec Blog