This morning our honeypots received large numbers of spam e-mails pretending to be from Twitter, presenting the new Twitter Profile changes.
The telltale sign is that the button and all of the links in this HTML e-mail point to some domain that is definitely NOT twitter. We are seeing thousands of these spams with links pointing to a variety of domains belonging to dummy or compromised websites. Clicking on anything in this e-mail results in a server redirect, which is why we insist you follow our "Do Not Click" advice.
Currently the redirect sends you to a Canadian Pharmacy website that offers to do great things for your love life. But, while these compromised domains are under the influence of spammers, it's easy for spammers to alter them to point wherever they want. Without any warning, these sites could begin directing visitors to a phishing site posing as a Twitter login page.
Spam like this exemplifies why our number one rule about unsolicited e-mail is "Do Not Click." Sifting tea leaves and trying to determine the validity of an e-mail is a losing proposition. While you could be right, the risk of being wrong, and the downside if you are isn't worth it. In a situation like this, open a browser window and type twitter.com to be sure you're visiting the legitimate site.
Dave Michmerhuizen is Research Scientist and Luis Chapetti is Security Researcher at Barracuda Networks.
Sign up for CIO Asia eNewsletters.