Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it.
According to the article, hijacked web pages of Tumbler users contain links to malicious sites that pose as a Tumblr login page and indicate that in order to access the “Adult Content” the user must enter their credentials. They don’t call it a booby trap for nothing!
The attack is particularly cunning in that it uses URLs that look like they could be legitimate Tumblr addresses, but are not. In almost every case, if you click on a link and it asks you to log in, it is unsafe to do so. It might be a good time to remind you of how the phishing cycle works, so here is a diagram.
As you can see, if you fall for the phishing attack it will be your friends who are next attacked. If your password is compromised then a hacker can post anything on your Tumblr page and it will appear to come from you. If you think you may have fallen for such an attack, type in the name of the actual website, such as http://www.tumblr.com and then use the regular means to change your password. If you use the same password at multiple sites you will need to change the password at multiple sites. Since it can be a bit of a hassle try to remember 20 different really good passwords, stop trying, and use a password manager! In addition to the password managers mentioned in Paul Laudanski’s blog, lastpass.com and Password corral are viable tools. For tips on preventing yourself from falling victim to a phishing attack, I offer some advice at http://blog.eset.com/2011/06/01/gmail-accounts-under-attack.
Director of Technical Education
Cyber Threat Analysis Center
ESET North America