Popular microblogging service Tumblr has been hit with a “rather aggressive phish attack” over the past few days, according to GFI Labs security researchers Christopher Boyd and Jovi Umawing. Legitimate Tumblr users are being asked for their login information – in this case the phish seems to promise access to adult content – and unknowingly enter their Tumblr login and password into the phishing page.
GFI Labs mentions that Tumblr now has an automated email service to reply to phishing reports, and a number of Tumblr users have taken matters into their own hands by creating Tumblr sites dedicated to doling out anti-phishing tips and advice.
Basic anti-phishing best practices still apply to this recent spate of Tumblr attacks, such as:
- Launch a new browser window when visiting sites that require you to supply login information.
- Never follow suspicious links in emails.
- Use services like Qualys BrowserCheck to make sure your web browser is updated.
- Always create and use a sufficiently complex login password.
- Install and monitor email spam filters that can catch email-borne phishing attempts.
Are you a Tumblr user? If so, does this news make you think twice about hosting a blog with this service? Feel free to add a comment to this blog post or start up a discussion on Twitter.
Follow Jeff James on Twitter at @jeffjames3
Follow Windows IT Pro on Twitter at @windowsitpro