Tumblr Microblogging Service Hit by Phishing Attack



Popular microblogging service Tumblr has been hit with a “rather aggressive phish attack” over the past few days, according to GFI Labs security researchers Christopher Boyd and Jovi Umawing. Legitimate Tumblr users are being asked for their login information – in this case the phish seems to promise access to adult content – and the user unknowingly enters their Tumblr login and password information.




GFI Labs mentions that Tumblr now has an automated email service to reply to phishing reports, and a number of Tumblr users have taken matters into their own hands by creating Tumblr sites dedicated to doling out anti-phishing tips and advice.

Basic anti-phishing best practices still apply with this recent spate of Tumblr attacks, such as:

  • Launch a new browser window when visiting sites that require you to supply login information.
  • Never follow suspicious links in emails.
  • Use services like Qualys BrowserCheck to make sure your web browser is updated.
  • Always create and use a sufficiently complex login password.
  • Install and monitor email spam filters that can catch email-borne phishing attempts.

Are you a Tumblr user? If so, does this news make you think twice about hosting a blog with this service? Feel free to add a comment to this blog post or start up a discussion on Twitter.

Follow Jeff James on Twitter at @jeffjames3

Follow Windows IT Pro on Twitter at @windowsitpro

Related Content:

Please or Register to post comments.

What's Security Blog?

Security news, views, product reviews, and solutions for Microsoft Windows IT professionals.

Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×