Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Don't Be Fooled by Twitter Spam in Your Inbox - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Don't Be Fooled by Twitter Spam in Your Inbox

I have received several emails today "from" (Of course they really aren't from support.). We are also receiving reports from our readers that they are seeing the
same thing.    The emails claim that you have unread messages from Twitter and contain a link that you can supposedly click on to view the messages.  The links are to various
locations other than Twitter.  Don't be fooled.  The emails are not from Twitter and the links are not at Twitter.  Just a reminder NEVER click on links in emails.  Always login to your
account to check it out.  I have contacted Twitter and reported the emails. 

Thanks to Alex for reporting his receipt of the emails to us.


Deb Hale Long Lines, LLC


279 Posts
ISC Handler
Apr 22nd 2010
SPF anyone?
@Hylarides: SPF verifies the domain name specified in the (typically invisible) envelope-from a.k.a. "Return-Path", *not* the domain name in the From: field displayed in the recipient's inbox.

Technologies like SPF and SenderID may help to prevent backscatter (see but they won't prevent phishing mails ending up in you inbox.
Erik van Straten

129 Posts
I'll be surprised if twitter takes this seriously, their spam department is a joke.
Got it this morning and put in spam automatically by Gmail filters.

3 Posts

Sign Up for Free or Log In to start participating in the conversation!