Wednesday, June 29, 2011

Tumblr users beware: Phishing afoot

By Nidhi Subbaraman

Tumblr has been haunted by a phishing scam that has gained access to thousands of accounts on the microblogging site over the past few days.a

GFI Labs reports that the scam began with few hacked Tumblr accounts. The accounts then turned into Tumblr zombies: "Their pages are converted into fake logins, and then sent into the world following regular accounts," GFI Labs writes. a

The bogus phishing sites are designed to look like official Tumblr pages: One looks like the start of an IQ Test, and another site, pretending to police access to "Adult Content," asked users to re-enter their login information when they visited that page. The sites even have regular Tumblr Web addresses, so they're even harder to spot.a

For a while, it looked like a successful self-perpetuating scheme — as users turned over login information to the fake sites, their own accounts were compromised, and used to gain access to other unwitting Tumblr users.a

When GFI Labs contacted Tumblr, they seemed to be aware of the issue, which perhaps resulted in the suspension of the fake Tumblr porn portal. In an email to GFI Labs, Tumblr had some recommendations for users whose accounts showed signs of odd behavior: Change your password, unfollow any accounts that you don't remember following, and if things still look grim, delete your account.a

Tumblr also said that it's doing "everything it can to address the issue."a

[via The Huffington Post]a

More on scams and hacks from msnbc.com:a

Yeah I changed my password last...never Dropbox accounts left unlocked, here's how to keep yours safe Next health hazard: Hackable medical implants

Nidhi Subbaraman writes about science and technology at msnbc.com. Find her on Twitter, and join our conversation on Facebook.a

Artikel yang Berkaitan

0 komentar:

Post a Comment