By Dave Michmerhuizen – Research Scientist, Luis Chapetti – Security Researcher
This morning our honeypots recieved large numbers of spam emails pretending to be from Twitter, presenting the new Twitter Profile changes.
The telltale sign is that the button and all of the links in this HTML email point to some domain that is definitely NOT twitter. We are seeing thousands of these spams with links pointing to a variety of domains belonging to dummy or compromised websites. Clicking on anything in this email results in a server redirect, which is why we insist you follow our “Do Not Click” advice.
Currently the redirect sends you to a Canadian Pharmacy website that offers to do great things for your love life. But, while these compromised domains are under the influence of spammers it's easy for spammers to alter them to point wherever they want. Without any warning these sites could begin directing visitors to a phishing site posing as a Twitter login page.
Spam like this exemplifies why our number one rule about unsolicited email is “Do Not Click.” Sifting tea leaves and trying to determine the validity of an email is a losing proposition. While you could be right, the risk of being wrong, and the downside if you are isn't worth it. In a situation like this, open a browser window and type twitter.com to be sure you're visiting the legitimate site.