Rather than tricking people into visiting a page spoofing Twitter's sign-on screen, the second wave of tweets was essentially spam, said Cluley. The iPhone-related tweets were messages such as "hey. i won an iphone! come see how here" or " Wanna win the new iPhoneiPhone It's so easy and cool, I love this thing!" along with links to sites that ask for, among other things, the user's cell phone number. Alles zu iPhone auf CIO.de
"They may be making money as part of an affiliate scheme," said Cluley, of the second-stage Twitter spam. The criminals may be reaping revenue from ads on the sites the tweets steer users to, or by convincing people to sign up for expensive text message plans.
Twitter, however, said that the hacks of prominent users were unconnected to the first phishing campaign or the follow-up spam.
"This is actually much more serious than these people and organizations falling for a simple phishing attack," said Cluley, who earlier Monday had said there might be a link between the two. "It appears that Twitter's systems were potentially exposing everybody's account to the danger of being taken over by hackers."
Nonetheless, both Cluley and Marian Merritt, an Internet safety advocate for rival security company Symantec Corp., applauded Twitter's fast response. "Twitter has been very upfront and ahead of the game on this," said Merritt.