A new phishing campaign is underway to capitalize on the tumult, with hackers attempting to trick users into supplying their Twitter credentials in a Googledoc made to look like a Twitter help page, according to TechCrunch. The page is hosted by a Russian service provider. The phishing email campaign, seen by journalists at TechCrunch and NBC, attempts to lure Twitter users into posting their username and password on an attacker’s website disguised as a Twitter help form.
The email is sent from a Gmail account, and links to a Google Doc with another link to a Google Site, which lets users host web content. This is likely to create several layers of obfuscation to make it more difficult for Google to detect abuse using its automatic scanning tools. But the page itself contains an embedded frame from another site, hosted on a Russian web host Beget, which asks for the user’s Twitter handle, password and phone number — enough to compromise accounts that don’t use stronger two-factor authentication.