Bad blog going around about you, have you read it yet? http://t.co/T***48
People have said bad things about me, but there was a suspicious odor to his tweet. I’m curious by nature and clicked. I ended up on a Twitter error page, but of course it wasn’t! It looked like Twitter.com, but it was actually an inside page on Twittelr.com¹.
You’ve probably seen this before. The Twittelr site is designed to make you think you’re on Twitter and need to log in. If you do, you give the phisher your credentials. Don’t expect a thank you note!
I wouldn’t be writing about this but for one small point. Lots of the files these crooks use are hosted by Twitter. Every image and all the CSS files are on Twitter’s servers. Twitter can’t stop the phishers, but it could make their job more difficult. It doesn’t. Why?
Why doesn’t Twitter limit these hallmark items only to requests that come from their own server? That’s a very simple thing to do.
If the Twittelr folks had to serve their own images and CSS it would increase their bandwidth requirements. It might cost them money and change the economic model of this scam. It might slow them down.
Twitter is an enabler.
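Limiting assets this way is usually done by checking the Referer header the browser sends with each image or CSS request. The sketch below is an added example, not code from this post or from Twitter: it classifies asset requests found in constructed access-log lines and flags near-miss spellings of the real domain. The allowlist, log format, threshold and function names are all assumptions.

```python
import re
from urllib.parse import urlsplit

ALLOWED = {"twitter.com"}  # assumption: sites permitted to embed the assets
LINE = re.compile(r'"(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')

def referer_host(referer):
    """Hostname from a Referer header; None if absent or unparseable."""
    try:
        host = urlsplit(referer).hostname if referer and referer != "-" else None
    except ValueError:
        return None
    return host.lower() if host else None

def edit_distance(a, b):
    """Levenshtein distance, to spot near-miss spellings of ALLOWED."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(referer, allow_empty=True):
    """Return 'serve', 'block' or 'block-lookalike' for one asset request."""
    host = referer_host(referer)
    if host is None:
        # Referer is often absent (privacy settings, proxies): a policy choice.
        return "serve" if allow_empty else "block"
    # Exact or true-subdomain match only, never a substring test.
    if any(host == d or host.endswith("." + d) for d in ALLOWED):
        return "serve"
    base = ".".join(host.split(".")[-2:])  # crude registrable-domain guess
    if any(edit_distance(base, d) <= 2 for d in ALLOWED):
        return "block-lookalike"  # worth an alert, not just a refusal
    return "block"

def scan(lines, allow_empty=True):
    """Classify each asset request in combined-format access-log lines."""
    return [(m.group(1), classify(m.group(2), allow_empty))
            for m in map(LINE.search, lines) if m]

# Constructed sample lines: documentation IPs, made-up paths and timestamps.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2000:00:00:01 +0000] "GET /img/logo.png HTTP/1.1" 200 512 "https://twitter.com/home" "UA"',
    '203.0.113.9 - - [01/Jan/2000:00:00:02 +0000] "GET /css/main.css HTTP/1.1" 200 2048 "http://twittelr.com/constructed-path" "UA"',
    '192.0.2.44 - - [01/Jan/2000:00:00:03 +0000] "GET /img/logo.png HTTP/1.1" 200 512 "-" "UA"',
]
print(scan(SAMPLE))
```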
Meanwhile this site has been up for a while. It was registered September 23. It has been live with this scam since at least yesterday, hosted by bizcn.com in China.
Why hasn’t it been shut down?
Here are the published details of Twittelr.com. They may or may not be true.
Domain name: twittelr.com
yu zhang firstname.lastname@example.org
0463965823 fax: 0463965823
nanning guangxi 230254
¹ – In the interest of security I’m not going to actually show any of the bad urls here. Twittelr.com by itself leads to an error page with Chinese characters.