Phishing scam spreads on Twitter


Twitter users are reporting that they have received direct messages from their online followers enticing them to visit a phishing website which attempts to steal their username and password.

[Image: Twitter phishing message]

Users have been receiving messages such as:

hey! check out this funny blog about you... [url removed]

and

Hey, i found a website with your pic on it... LOL check it out here [url removed]

which led, sometimes leapfrogging via a Blogspot page, to a website which posed as the regular Twitter login page but was actually stealing usernames and passwords from the unwary.

[Image: Twitter phishing web page]

Having hacked into some Twitter accounts, the criminals then appear to have used the Twitter identities of their victims to pass the message on to even more Twitter users.

It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as so many internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater.

Twitter co-founder Biz Stone alerted followers to the danger as his team worked on the problem, and later advised members who may feel "weirded out" by the incident to change their passwords.

[Image: Tweets from Twitter about phishing scam]

Twitter has published information on its blog about the security incident and advised users to exercise caution when they reach web pages which ask them to log in to Twitter.

The phishing webpage has also masqueraded as the login page for Facebook - so users of all social networking websites should be on their guard.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.