It would appear that Tumblr has once again been hit by a phishing attack that has lasted well over a month. A search on Tumblr for Staff BlogÂ turns up quite a few disgruntled posts from users complaining that it would appear that Tumblrâs own staff blog is posting special offers to their sites, on their behalf.
This isnât the first time Tumblr has been the target of a phishing attack.Â Last June, users trying to access posts on the blogging platform were met with a message asking them to âvalidate their credentialsâ by logging in to their accounts again. The message readÂ âThis page contains adult content. Please revalidate your credentials.â
It would seem that Tumblr is once again facing yet another round of attacks, with users being met with the same message.
ââ¦I was careless and stuck my password in whenÂ promptedÂ to confirm my ID on a Tumblr saying it featured adult content, even though if I remember it was just a standard Tumblr, not a porn one â¦no seriously!
The post that appeared on his blog can be seen in the screenshot below:
While in Nickâs case, the spam post featured a Walmart Gift card, other posts have included Apple giveaways, promising a free iPhone, a sure sign that the post is indeed spam. Other fake offers have included Southwest Airline tickets and Starbucks gift cards.
Looking at how the post appears on the Tumblr dashboard, it looks as thought its coming from firstname.lastname@example.org, and encourages other users to reblog the post.
If users do go ahead and try to access the âgiveawayâ, the phishing scam is revealed, where they are told they will get the freebie in return for giving away their personal information.
One of the current scams takes users to Tumblrlinks.com, a page featuring a work-at-home job opportunity, which does an extremely poor job of disguising its phishing attempt.
The phishing site is also relatively new, having been registered just this past February 17th.
It isnât clear how many blogs may have been compromised in this latest attack, but weÂ have contacted Tumblr for a comment on the story and will update once we have received it.
(Thanks for the tip Nick!)