Phishing page – Twitter’s lookalike!

itwitterl.com - Phishing scam

 Phishing pages? Again? Really?!

And the skiddies have done it again, but this time they have evolved a little. Let me put this blog post into a bit of context before I proceed.

What the heck is Phishing?

Well, phishing is a method that hackers, or, to use the correct terminology, script-kiddies use to hijack accounts. They build a landing/login page that closely mimics a popular web service (Facebook, Twitter, Gmail, Hotmail, etc.) and register domain names that are very close to the real service's name (Fac3b00k.com, itwitterl.com, h0tma1l.com, ...), with small typos or character swaps that you would not notice at a glance.

You are driven by your conditioned urge to enter your credentials whenever you see a login page, and BOOM! Your account is hijacked almost instantly. If the phishing kit is well built, the password is changed automatically; if the skiddy is not that good or knows no programming language, he/she will log in with the stolen credentials and change it manually later.

Uhh… What?!

Let’s take an example. Today I got the following direct message from a friend:

Phishing tweet - from a trusted friend

and almost instantaneously I clicked on the link. It was a shortened URL, so I couldn't see the actual domain I was visiting. I landed on this page:

Phishing twitter lookalike - This is the Fake one.

Now I'm confused: why is it asking me for credentials?! Since I have a little bit of a hacking/deception background and I've played these games before, my quick reaction was... hehehe, nice try. I looked at the address bar and it said: http://itwitterl.com/session-timed_out/

Wow! Twitter has a new domain name!

I then entered false credentials and here’s where I landed:

itwitterl.com's fake service status page

Whether you enter correct credentials or false ones, you will always land on this page, because this website is not the actual Twitter and cannot log you into the service. All the form does is record whatever you typed; the "status" page exists only so that the victim does not get suspicious when no login happens.

Ohhhh… how can we tell the difference next time?

You can tell the difference easily, as long as you don't rush to enter your credentials whenever asked without first checking the legitimacy of the website.

Here’s the actual twitter page:

The real Twitter homepage - There's a lot of difference.

If you spend a second or two comparing the two images you will see plenty of differences. The skids are not up to date!

Tips for not falling into this trap again, and what to do if you are a victim

Below are four tips for making sure the website you are logging into is legitimate:

1. Check the address bar and make sure the domain name is correct. Look at the registrable domain (the part just before .com), not at whether the brand name appears somewhere in the URL: itwitterl.com is not twitter.com, and neither is twitter.com.something-else.net. If the link was shortened, you cannot judge it until the page has loaded and the real address is visible.

2. Check the title of the page; many skids forget to fix the title of the page they copied.

3. If you are already logged into a service and you haven't closed your browser, it will not make you log in again unless you are changing critical account information, and in that case it tells you why.

4. Check the favicon; some skids forget to update theirs as well.

Tips 2 and 4 only catch lazy attackers: a careful one copies the title and the favicon along with the rest of the page. Tip 1 is the one that always works, because the attacker cannot serve a page from a domain he/she does not control.
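The first tip, and the typosquat domains from the "What the heck is Phishing?" section (Fac3b00k.com, itwitterl.com, h0tma1l.com), can be turned into an automatic check. The following is an added example, not code from the original post: a small lookalike-domain classifier with a constructed allowlist of legitimate hosts (an assumption for the example) that extracts the registrable domain, undoes common digit-for-letter swaps, flags a brand name used as a subdomain of another domain, and measures the edit distance to each known brand. The two-label "registrable domain" rule is a simplification that is fine for .com-style TLDs but wrong for suffixes such as co.uk. It does not follow shortened URLs; as in the post, a shortened link has to be expanded before it can be judged.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of legitimate login hosts (assumption for this example).
LEGIT_HOSTS = {"twitter.com", "facebook.com", "gmail.com", "hotmail.com"}
BRANDS = {h.split(".")[0]: h for h in LEGIT_HOSTS}

# Digit/symbol-for-letter swaps commonly used in typosquat domains.
# "1" could stand for "l" or "i"; the edit-distance step absorbs that ambiguity.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def registrable_domain(url):
    """Return the host's last two labels, lowercased (simplification: ignores
    multi-label public suffixes such as co.uk)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def levenshtein(a, b):
    """Classic edit distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,             # delete ca
                           cur[j - 1] + 1,          # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url, max_distance=2):
    """Return (verdict, domain): verdict is 'legit', 'lookalike' or 'unknown';
    domain is the matched legitimate host for a lookalike, else the URL's own."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    dom = registrable_domain(url)
    if dom in LEGIT_HOSTS:
        return ("legit", dom)

    # Brand used as a subdomain of an unrelated domain, e.g. twitter.com.evil.net
    for label in host.split("."):
        if label in BRANDS:
            return ("lookalike", BRANDS[label])

    # Undo leetspeak swaps, then compare the second-level label to each brand.
    name = dom.split(".")[0].translate(LEET_MAP)
    name = re.sub(r"[^a-z]", "", name)  # drop hyphens and leftovers before comparing
    best = None
    for brand, legit in sorted(BRANDS.items()):
        d = levenshtein(name, brand)
        if brand in name:
            d = min(d, 1)  # brand embedded with padding, e.g. itwitterl
        if best is None or d < best[0]:
            best = (d, legit)
    if best is not None and best[0] <= max_distance:
        return ("lookalike", best[1])
    return ("unknown", dom)


if __name__ == "__main__":
    # Constructed sample links, including the one from the post.
    for link in ["https://twitter.com/login",
                 "http://itwitterl.com/session-timed_out/",
                 "http://Fac3b00k.com/",
                 "http://h0tma1l.com/login",
                 "http://twitter.com.login-session.net/",
                 "https://example.org/"]:
        print(link, "->", classify(link))
```

The threshold of two edits is deliberately low: with only a handful of brands it keeps false positives rare, but on a larger allowlist short brand names will start colliding and the check should be combined with the page's other signals (title, favicon, the unexpected login prompt).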

I’m a victim 🙁

If you provided your credentials to this fake service, go and change your password immediately, and change it anywhere else you reused it. If you were one of the unlucky few whose password was already changed for them, I'm sorry to tell you that your account is lost unless you still control the email address and/or remember your secret question and answer; in that case you can use the "forgot my password" feature available on most if not all popular services.
