Fake Twitter website steals user accounts

We received a report of a phishing site used to steal the usernames and passwords of Twitter users. The fake website showed the old Twitter interface, the one in use about a year ago.

When the user tried to log in, the submitted data was first processed by a script called post.php and then sent to the website's developer. Using fake credentials we were able to confirm the theft in the captured traffic:


Once the user's password and email were captured and saved on a server, the user was redirected to Twitter's genuine website.


The easiest way to detect a phishing site is to verify its URL: if it looks strange in any way, the website is most likely fake. You can also check the copyright year at the bottom of the page. In this case, for example, the fake website shows 2010, whereas the original shows the current year, 2011.
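As an added example (not code from the original post), the script below turns the behaviour described above into three detection heuristics and runs them over constructed sample HTTP transactions: credentials POSTed to a host that is not twitter.com, a hostname that merely contains the brand name, and a redirect to the genuine site right after the credential POST. The credential field names and the sample hostnames are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

LEGIT_HOST = "twitter.com"  # the site being impersonated
# Form field names that usually carry credentials (assumed list, not from the post)
CREDENTIAL_FIELDS = {"username", "email", "username_or_email", "password", "pass"}

def is_legit_host(host):
    """True only for twitter.com itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == LEGIT_HOST or host.endswith("." + LEGIT_HOST)

def credential_fields(body):
    """Names of credential-like fields in a url-encoded POST body."""
    found = set()
    for name in parse_qs(body, keep_blank_values=True):
        base = name.split("[")[-1].rstrip("]").lower()  # session[password] -> password
        if base in CREDENTIAL_FIELDS:
            found.add(name)
    return found

def phishing_indicators(method, url, body="", redirect_to=None):
    """Indicators found in one captured request; an empty list means nothing suspicious."""
    indicators = []
    host = urlsplit(url).hostname or ""
    legit = is_legit_host(host)
    # A host that only contains the brand name, e.g. twitter.com.evil.example, is a lookalike
    if not legit and LEGIT_HOST.split(".")[0] in host.lower():
        indicators.append("lookalike host: " + host)
    creds = credential_fields(body) if method.upper() == "POST" else set()
    if creds and not legit:
        indicators.append("credentials %s posted to %s" % (sorted(creds), host))
        # The page described above bounced the victim to the real site after capture
        if redirect_to and is_legit_host(urlsplit(redirect_to).hostname):
            indicators.append("redirected to genuine site after capture: " + redirect_to)
    return indicators

def scan(traffic):
    """Map each request URL to its indicators for (method, url, body, redirect) tuples."""
    return {url: phishing_indicators(m, url, body, redir) for m, url, body, redir in traffic}

# Constructed sample traffic (not real captures): a harvesting POST, a genuine login, a GET
SAMPLE_TRAFFIC = [
    ("POST", "http://twitter.com.login-check.example/post.php",
     "username=alice&password=fakepass123", "https://twitter.com/"),
    ("POST", "https://twitter.com/sessions",
     "session[username_or_email]=alice&session[password]=fakepass123", None),
    ("GET", "http://twitter.com.login-check.example/index.php", "", None),
]
```

Running `scan(SAMPLE_TRAFFIC)` flags the post.php request with all three indicators, the index.php request only as a lookalike host, and the genuine login as clean.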