Newest round of Twitter spam

This one fooled me for a half second.

I got an email to my work account indicating that I had 3 delayed messages in my Twitter account. The social engineering technique is designed to get me to click on the link and redirect me to a spam site, and quite possibly infect my system with malware as part of either a drive-by download or a “click here to install such-and-such” prompt (I didn’t click on the link). Because the message looks like something Twitter might send (it looks a lot like Twitter), users could easily be tricked into going there. Because it came into an email account that I don’t have associated with Twitter, I was immediately on guard. But I felt that emotional taking-down-of-my-guard when I saw that it was “from” Twitter.

The sending IP is in Russia, but the linked site is on a domain that ends in .com.ar. The A record for this site points to an IP address that belongs to a hosting company out of Florida.

Be aware.  It’s a social engineering spoof, not a legitimate Twitter message.
