Security bods Sophos are warning that what’s been called the ‘LOL’ phishing attack is continuing to fester on the web, and not just by direct message.
The attack lures unsuspecting users into giving away their Twitter credentials by clicking on messages like, “lol, this is funny,” and then having them sign into a fake Twitter page – thus handing their account details over to nefarious hackers.
Messages seen so far include:
Lol. this is me??
lol , this is funny.
ha ha, u look funny on here
Lol. this you??
If you’re daft enough to respond to such a message and input your details, you’ll then see the Twitter “fail whale” screen saying that Twitter is over capacity, before being taken to the real Twitter main page, with all your login details now purloined.
The phishing site behind this is the bzpharma.net site which, oddly, seems to be set up for stealing the online identities of users of the Bebo social networking site.
If you have been hoaxed by this screen, change your password pronto.
Sophos’s video explains the problem in greater detail, and more information is available on their website.