Adult Phishing Scam Targets Thousands of Tumblr-ers

Tumblr users have been the target of an aggressive phishing campaign within the last week, and even now they can be lured into entering their login credentials for access to adult content. According to GFI researchers, who first reported the incident, the scheme is working extremely well.

Researchers accessed one of the dropzones of the stolen credentials and discovered an enormous amount of data.

“The problem has become so pervasive that regular Tumblr users are setting up dedicated anti-phishing sites to advise users of the problem,” say the researchers.

This particular phishing scheme stands out from others in that the scammers are using the compromised Tumblr accounts to set up more and more phishing pages, which were all registered in the last few weeks to bogus clients:

tumblriq(dot)com
tumblrlogin(dot)com
tumblrsecurity(dot)com

As a natural progression, and with a rather cumbersome solution, Tumblr created an automated reply for people reporting the scheme. The popular microblogging site advises affected users to reset their password, to remove the fake login template by creating a new theme, and to “unfollow” all the blogs their account is following because of the scammers.

GFI researchers try to explain “Why Tumblr?”

“We can only guess. The stolen accounts could be used as some form of advert affiliate money making scam, or maybe we could see lots of pages with survey popups pasted over them. There is the very real possibility that the Tumblr accounts are simply a way to test if those users are logging into other services with the same credentials – at that point, everything from email accounts to internet banking sites could be fair game.”