Top Security News

Demon Internet Spills Customers' Details
The people at ISP Demon Internet are almost certainly wishing their employer had a different name today. A data mishap has made it way too easy for about...


Chinese Hackers Target Foreign Media
Under normal circumstances, the media isn't really supposed to involve itself in a story. Reporters don't join protests in Washington; embedded journalists don't shoot insurgents in Iraq. Some news organizations...


Microsoft: Free Security Software Due Within Weeks
No matter how much skill and expertise other companies have demonstrated, sometimes it's just nice to know that a corporate behemoth is backing up a product.



Doug Caverly
Thursday:09.24.09

Twitter Phishing Scam Underway

Twitter users whose online acquaintances claim to be rolling on the floor with laughter should probably just leave well enough alone.

A Twitter phishing scam featuring the acronym ROFL is spreading via direct messages at a rapid pace.

Itamar Kestenbaum appears to have been one of the first individuals to spot the problem. As he noted, the text of the direct messages reads, "rofl this you on here?"

Recipients of the messages are then provided with a link to http:// videos. twitter. secure-logins01. com (spaces added so that no one accidentally clicks or copies an active link).

The destination on the other end of the link is a phishing site made to resemble Twitter. It requests users' login info, and unsuspecting individuals who provide it will see their accounts used to send out still more of the ROFL direct messages.
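The link works as a lure because "twitter" appears only as a label inside a hostname whose registered domain is secure-logins01.com. The check below is an added example, not part of the original article; the allowlist, the brand keyword, the function names and the last-two-labels rule are assumptions made for illustration, and the second and third sample links in the usage comments are constructed.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the brand's real domain and the keyword to watch for.
LEGIT_DOMAINS = {"twitter.com"}
BRAND_KEYWORDS = {"twitter"}


def registrable_domain(host):
    """Approximate the registered domain as the last two labels.

    Assumption: good enough for .com-style names; a production check
    should consult the Public Suffix List instead.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_link(url):
    """Return (verdict, registered_domain) for a link seen in a message."""
    # Remove the whitespace defanging used in the article before parsing.
    cleaned = "".join(url.split())
    if "://" not in cleaned:
        cleaned = "//" + cleaned  # let urlsplit treat a bare host as a host
    host = (urlsplit(cleaned).hostname or "").rstrip(".").lower()
    if not host:
        return ("unparseable", "")
    domain = registrable_domain(host)
    if domain in LEGIT_DOMAINS:
        return ("legitimate", domain)
    # The brand name inside a label of someone else's domain is the
    # lookalike pattern used by the ROFL direct messages.
    if any(k in label for label in host.split(".") for k in BRAND_KEYWORDS):
        return ("brand-in-foreign-domain", domain)
    return ("unrelated", domain)


if __name__ == "__main__":
    samples = [
        "http:// videos. twitter. secure-logins01. com",  # as written in the article
        "https://twitter.com/login",                      # constructed sample
        "example.org/page",                               # constructed sample
    ]
    for s in samples:
        print(classify_link(s), "<-", s)
```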


If anything like this has happened to you, now would be a good time to go change some passwords.

The good news is there's no evidence that the phishers are taking any further action, so this could just be a prank.

Maybe even a social engineering experiment conducted by some researcher who's discarded the normal rulebook. But the login info could also be tested against different Gmail or PayPal accounts, which would be pretty bad.

Twitter's aware of the problem, anyway, and has tried to alert people to its existence with a tweet issued from an official account.

Hopefully Twitter's engineers will be able to effectively squash the phishing campaign before too much more time passes.

About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.


About SecurityProNews
SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security.



© 2009 SecurityProNews. An email newsletter.
SecurityProNews is part of the iEntry Inc. Network of sites and newsletters.

