What makes this phishing scam slightly more sophisticated than usual is that many victims were caught by Tumblr pages containing code designed to imitate the Tumblr login. Not all users were caught this way; some were directed to new URLs containing the faked login form.
Many of the Tumblr blogs that hosted this phishing code had been compromised in previous attacks. A small number of sites appear to be at the centre of the phishing effort, including tumblriq[dot]com, tumblrlogin[dot]com and tumblrsecurity[dot]com.
The scam has prompted a few Tumblr users to set up their own anti-phishing sites in order to warn other users, including antiphishingontumblr.tumblr.com. These community-led efforts contain information about phishing (and what it means) as well as about recovering your Tumblr account if it has been compromised.
Tumblr themselves have been answering a lot of emails related to this incident recently, so many that they’ve prepared an automatic reply (above) for new support requests. The pre-defined response includes information about undoing the damage done by a compromised account.
Do you use Tumblr? Has this affected you at all? Let us know in the comments.
Source: GFI LABS Blog