Tumblr Microblogging Service Hit by Phishing Attack

 

Popular microblogging service Tumblr has been hit with a “rather aggressive phish attack” over the past few days, according to GFI Labs security researchers Christopher Boyd and Jovi Umawing. Legitimate Tumblr users are being asked for their login information – in this case the phish seems to promise access to adult content – and the user unknowingly enters their Tumblr login and password information.

 

 

GFI Labs mentions that Tumblr now has an automated email service to reply to phishing reports, and a number of Tumblr users have taken matters into their own hands by creating Tumblr sites dedicated to doling out anti-phishing tips and advice.

Basic anti-phishing best practices still apply with this recent spate of Tumblr attacks, such as:

• Launch a new browser window when visiting sites that require you to supply login information.
• Never follow suspicious links in emails.
• Use services like Qualys BrowserCheck to make sure your web browser is updated.
• Always create and use a sufficiently complex login password.
• Install and monitor email spam filters that can catch email-borne phishing attempts.

Are you a Tumblr user? If so, does this news make you think twice about hosting a blog with this service? Feel free to add a comment to this blog post or start up a discussion on Twitter.

Follow Jeff James on Twitter at @jeffjames3

Follow Windows IT Pro on Twitter at @windowsitpro

Related Content:

• Cloud Connections: Jim Reavis on Cloud Security
• Windows 8 Security Features
• Internet Explorer 9 Security Features