The direct messages (DMs) on Twitter have been flying fast and furious today:
hey! check out this funny blog about you… http://jannawalitax.blogspot.com/
Clicking on the link redirects the visitor not to a blog post, but what appears to be a standard twitter login page.
There is, however, one significant difference: the URL is http://twitter.access-logins.com/login/. This is NOT a twitter site, rather, it is a ‘phishing site’, masked to look like a trusted site, collecting usernames and passwords.
The unsuspecting visitor enters their username and password on the access-logins site, and is then redirected to the ‘real’ twitter homepage and must log in again.
The system sends out direct messages, so it is spreading silently, without being readily tracked on the public timeline.
Access-logins.com was registered as through the Chinese registrar “XIN NET TECHNOLOGY CORPORATION” on December 16th, 2008. If you slightly modify the URL to http://access-logins.com you’ll see a spoofed Facebook login page.
There are many “warning” tweets now going out about this message, in particular warning folks that their accounts have been compromised. So far the only advice I’ve seen regarding what to do if you’ve been compromised is to change your password and clear your browser cache. I welcome feedback or suggestions from those who have been affected.
UPDATE (5:19 MST): the twitter blog is updated, warning people of the problem.
UPDATE (6:11 MST): within a few hours of the problem, my browser is warning me from accessing http://access-logins.com:
UPDATE (7:17 MST): A new DM has cropped up, no longer directing users to a fake blogspot account:
Hey, i found a website with your pic on it… LOL check it out here http://twitterblog.access-logins.com/login