The Phisher Kings

Every image and all the CSS files are on Twitter’s servers. They can’t stop the phishers, but they could make their job more difficult, but they don’t? Why?

A fellow meteorologist from Houston sent me a direct message yesterday afternoon via Twitter.

Bad blog going around about you, have you read it yet?***48

People have said bad things about me, but there was a suspicious odor to his tweet. I’m curious by nature and clicked. I ended up on a Twitter error page, but of course it wasn’t! It looked like, but it was actually an inside page on

You’ve probably seen this before. The Twittelr site is designed to make you think you’re on Twitter and need to log in. If you do you give the phisher your credentials. Don’t expect a thank you note!

I wouldn’t be writing about this but for one small point. Lots of the files these crooks use are hosted by Twitter. Every image and all the CSS files are on Twitter’s servers. They can’t stop the phishers, but they could make their job more difficult. They don’t? Why?

Why doesn’t Twitter limit these hallmark items only to requests that come from their own server? That’s a very simple thing to do.

If the Twittelr folks had to serve their own images and CSS it would increase their bandwidth requirements. It might cost them money and change the economic model of this scam. It might slow them down.

Twitter is an enabler.

Meanwhile this site has been up for a while. It was registered September 23. It has been live with this scam since at least yesterday, hosted by in China.

Why hasn’t it been shut down?

Here are the published details of It may or may not be true.

Domain name:

Registrant Contact:
zhang yu
yu zhang
0463965823 fax: 0463965823
nanning guangxi 230254

&#185 – In the interest of security I’m not going to actually show any of the bad urls here. by itself leads to an error page with Chinese characters.

4 thoughts on “The Phisher Kings”

    1. I suspect his account had been compromised. He didn’t personally send it. However, a ‘hacked’ or compromised account is nearly always traceable to someone falling for a phishing scam themselves.

  1. I hate this scam for 2 reasons. One being that it wrecks your account, and the second being, it wrecks your reputation. That nice guy you connected with 2 days ago seemingly sends you this message, and you immediately think he’s some sort of shark, when in fact he has been the victim of hacking. Hope your friend gets sorted.

Leave a Reply

Your email address will not be published. Required fields are marked *