Dominic's Blog

Twitter is, by far, the most popular microblogging service on the web. So popular, in fact, that it has been the target of a recent phishing attack. Twitter New (twitter-new.com) is this attack. The site’s homepage is a pretty good impersonation of Twitter’s, and the login screen is rather convincing. So, armed with an internet connection and a dummy Twitter account, we decided to go digging.

When you log into the site, nothing much happens. You’re actually redirected to the official Twitter homepage and logged into the official site, presumably through a clever trick with HTML POST variables. However, we’re not fooled easily, and we wanted to dig a bit deeper.

Looking at the source code, things start to become a lot more doubtful. The code refrences a folder called ‘twitter files’, a common trait of downloading a webpage via a browser. The HTML code reeks of being edited with Dreamwever, with styles names things such as ‘style1′. And, if you were wondering about the ‘popular tweets’ section at the bottom of the page? That’s just one of Twitter’s own widgets.

Still, we wanted more, so we looked at domain name itself. A WHOIS lookup revealed the domain is owned by an Andrei Polev, registered in Russia and hosted in Latvia. Since Twitter is run out of the US by a guy named Biz Stone, this is a bit fishy.

The bottom line is, we don’t trust it, and we don’t think you should either. We strongly urge you to, if you have entered your details into Twitter-new.com, change your password immediately, and, as always, be very careful with who you hive your information to.

>> Exploring Tech would like to thank @I_enigma for tipping us off.