Popular microblogging service Tumblr has been hit with a “rather aggressive phish attack” over the past few days, according to GFI Labs security researchers Christopher Boyd and Jovi Umawing. Legitimate Tumblr users are being asked for their login information – in this case the phish seems to promise access to adult content – and the user unknowingly enters their Tumblr login and password information.
GFI Labs mentions that Tumblr now has an automated email service to reply to phishing reports, and a number of Tumblr users have taken matters into their own hands by creating Tumblr sites dedicated to doling out anti-phishing tips and advice.
Basic anti-phishing best practices still apply with this recent spate of Tumblr attacks, such as:
Are you a Tumblr user? If so, does this news make you think twice about hosting a blog with this service? Feel free to add a comment to this blog post or start up a discussion on Twitter.
Follow Jeff James on Twitter at @jeffjames3
Follow Windows IT Pro on Twitter at @windowsitpro