We're now regularly seeing Twitter accounts which have fallen into the hands of cybercriminals, sending out messages to their online friends with the aim of tricking them into handing over their all-important username and password.
Here's one of the latest attacks, shared with us by our friends at @TweetSmarter:
Found a funny picture of you [LINK]
I saw a real bad blog about you, you see this? [LINK]
If you make the mistake of clicking on one of the links you are taken to a fake Twitter website, created with the aim of purloining your username and password.
Careless users might enter their credentials automatically, assuming that their session on Twitter has simply timed out. Doing so is disastrous, not only can the hackers now access your Twitter account they could also - potentially - use the password at other online accounts you may own.
Everyone needs to learn to be on their guard against phishing attacks like this. If you did receive a message like the above, please tell your online friend that their account has been compromised, and they should urgently change their passwords.
Follow @gcluley
Hat-tip: Thanks to our friends at @TweetSmarter for bringing this latest scam to our attention.
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
What's weird about this stuff isn't how much attention it gets, but how little attention it gets, considering the risks. You folks are doing a great service bringing these topics to the forefront. I've just had an experience with a client where the company Twitter site sending the phishing DM wouldn't respond to our warnings that they'd been hacked. Anyway, keep up the good work.