. |
|||||||||||
. |
|||||||||||
. |
Related LinksLegitimate Company Representatives will Never Ask for Your Password Tumblr Phishing Scam Compromises PasswordsDate: 2011-06-29 21:11:59 According to eWeek, security researchers at GFI Labs analyzed a Tumblr Phishing scam. If you don't know what phishing is, see What is Phishing. Tumblr is considered a micro blogging service. This means users can post their writings, pictures, videos, favorite sites, and audio for other to see. It's a cross between traditional blogs and twitter. It's like a personal multimedia hub allowing you to publish your works. Like Twitter, users follow other Tumblr users. To learn more about Tumblr, see What is Tumblr According to the GFI researchers, "Once a user has been compromised, the scammers hijack the user's Tumblr site and turns it into the fake login page. The account then "follows" other users. When users see a new follower and click on the name to see more information, they are shown the fake login page, restarting the attack cycle all over again." If you are a Tumblr user, we searched Tumblr a bit and found several references to the attack. Tumblr user "Positrons" had this post about it
Gained a new follower today. When I clicked their url to go to their page it said ‘this page has adult content blardy blah, please reenter your credentials’ so I did, email and password to tumblr. Then I looked at the url and it was ‘tumblrsecurity.com’ whenever you clicked any buttons like ‘about’ or whatever it lead to ‘this page does not exist’ I believe I may have just become the victim of a scam. At least I changed my password.
Tumblr user "Positrons" GFI and everal other Tumblr user posts indicated it was a confirmation for adult content that was the phishing page that stole their password. Category: Breach Subcategory: Passwords |
|
|||||||||
. |
|
||||||||||
. |