
Microblogging site Tumblr and its users have been targeted recently with a phishing attack that lures unsuspecting users into entering their login details, only to have them stolen. The scam works by offering users access to additional content, in this instance “adult content”, once they enter their login details.

What makes this phishing scam slightly more sophisticated than usual is that many users were caught by Tumblr pages containing code designed to imitate the Tumblr login form. Not all users were caught this way; some were directed to new URLs containing the fake login form.

Many of the Tumblr blogs that hosted this phishing code had been compromised in previous attacks. A small number of sites appear to be at the centre of the phishing effort, including tumblriq[dot]com, tumblrlogin[dot]com and tumblrsecurity[dot]com.
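As an added example (not code from the original article or from Tumblr), the Python sketch below shows a defender-side check for both delivery paths described above: it finds password forms in a page and classifies the host each one submits to. It assumes `tumblr.com` is the only genuine domain; the blog name `exampleblog`, the sample markup and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BRAND = "tumblr"
OFFICIAL = "tumblr.com"  # assumption: only this registrable domain is genuine

def refang(text):
    """Undo the [dot] defanging used when phishing domains are published."""
    return re.sub(r"\[(?:dot|\.)\]", ".", text, flags=re.I)

def classify_host(host):
    """official = tumblr.com or a subdomain; lookalike = brand inside another domain."""
    host = refang(host).lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    return "lookalike" if BRAND in host else "other"

class PasswordForms(HTMLParser):
    """Record the resolved action URL of each <form> holding a password input."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.action, self.found = page_url, None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":  # an empty or relative action resolves against the page URL
            self.action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self.action is not None:
                self.found.append(self.action)
                self.action = None  # count each form once

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def audit_page(page_url, html):
    """Return [(action_url, verdict)] for every password form on the page."""
    parser = PasswordForms(page_url)
    parser.feed(refang(html))  # samples stay defanged on disk, refanged in memory
    return [(u, classify_host(urlsplit(u).hostname or "")) for u in parser.found]

# Constructed samples: the blog name and markup are invented, domains stay defanged.
BLOG_PAGE = ('<form method="post" action="http://tumblrlogin[dot]com/login">'
             '<input name="email"><input type="password" name="pw"></form>')
REAL_PAGE = '<form action="/login"><input type="password" name="pw"></form>'

if __name__ == "__main__":
    print(audit_page("https://exampleblog.tumblr.com/", BLOG_PAGE))
    print(audit_page("https://www.tumblr.com/login", REAL_PAGE))
```

A page served from a genuine `*.tumblr.com` blog can still carry a form that posts elsewhere, which is why the check looks at the form's target rather than only at the address bar.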

The scam has prompted a few Tumblr users to set up their own anti-phishing sites in order to warn other users, including and These community-led efforts contain information pertaining to phishing (and what it means) as well as recovering your Tumblr account if it has been compromised.


Tumblr themselves have been answering a lot of emails related to this incident recently, so many that they’ve prepared an automatic reply (above) for new support requests. The pre-defined response includes information about undoing the damage done by a compromised account.

Do you use Tumblr? Has this affected you at all? Let us know in the comments.

Source: GFI LABS Blog
