Twitter finally released a "Stalkers" app? No, it's a phishing scam


Twitter users are being hit today by messages claiming to link to a new app from Twitter which will track your stalkers.

However, the messages are really designed to steal your Twitter usernames and passwords.

Here's a typical message that users are seeing:

[Image: Twitter stalkers phishing message]

Twitter finally released an app that tracks your "Stalkers" get it here [LINK]

If you click on the link you are taken to what appears to be a legitimate Twitter page, asking you to confirm your username and password before the "Stalkers" app can access your account.

[Image: Twitter stalkers phishing website]

However, if you look at your browser's URL you will see that the page is not hosted by Twitter at all.

[Image: Twitter stalkers phishing website URL]
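The URL check described above can be done mechanically. The following is an added example, not part of the original article: `isTrustedLoginUrl` is a hypothetical helper and every sample URL is constructed. It compares the host a login page is actually served from against the domain it claims to be, which is the same comparison a password manager makes before it fills in a saved password.

```javascript
// Added example: decide whether a login page URL really belongs to the site
// whose credentials it asks for. Function name and sample URLs are constructed.
function isTrustedLoginUrl(rawUrl, trustedDomain) {
  let url;
  try {
    url = new URL(rawUrl); // throws on relative or malformed input
  } catch (e) {
    return { trusted: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // Text before "@" is userinfo, not the host:
  // https://twitter.com@login.example/ is served by login.example.
  if (url.username || url.password) {
    return { trusted: false, reason: "userinfo before the host" };
  }
  // The URL parser lower-cases the hostname; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  const domain = trustedDomain.toLowerCase();
  // Match the exact domain or a true subdomain. Requiring the leading dot
  // stops "notsite.example" from passing as "site.example".
  if (host === domain || host.endsWith("." + domain)) {
    return { trusted: true, reason: "host is " + host };
  }
  return { trusted: false, reason: "host is " + host + ", not " + domain };
}

// Constructed samples: the real domain, then common lookalike patterns.
const samples = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session",
  "https://twitter.com.login.example/session", // brand as a subdomain label
  "https://twitter.com@login.example/session", // brand as userinfo
  "https://twitter-login.example/",            // brand inside another name
  "http://twitter.com/login",                  // right host, no TLS
];

function classifySamples() {
  return samples.map((s) => ({ url: s, ...isTrustedLoginUrl(s, "twitter.com") }));
}

for (const r of classifySamples()) {
  console.log((r.trusted ? "OK    " : "REJECT") + " " + r.url + " (" + r.reason + ")");
}
```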

If you make the mistake of entering your username and password then you will be handing over the keys to your account to phishers, who would then be able to use your account to read your private messages and send messages (perhaps spam-related or containing malicious links) to your followers.

Worst of all, if you're one of those people who uses the same password elsewhere on the internet, you've now told the cybercriminals how to access, say, your Gmail, Hotmail or PayPal accounts as well.

If you found your Twitter account was one of those sending out the phishing messages, or if you made the mistake of entering your username and password, then you must change your password as soon as possible.

Not just on Twitter, but also make sure you're not using the same password anywhere else on the net.

And remember, it's important that you don't use a word from the dictionary as your password. It's easy to understand why computer users pick dictionary words as they're much easier to remember, but as I explain in this video a good trick is to pick a sentence and just use the first letter of every word to make up your password.


You can always use password management software such as KeePass or 1Password to remember complex passwords if you find it too difficult.

There's some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in "Account Settings", and revoke access for any third-party application that you don't recognise.

Follow me on Twitter at @gcluley if you want to keep up-to-speed with the latest threats, and learn how to protect yourself.


7 Responses to Twitter finally released a "Stalkers" app? No, it's a phishing scam

  1. kaelastreet · 1513 days ago

    Nice way of selling an app to store passwords.

    • I'm sure it is! But KeePass is free and multi-platform, and Sophos doesn't sell an app to store passwords. :)

      • Antony · 1513 days ago

        There you go Graham - got a task on your hands - get Sophos to make an application to store passwords which can then be even more securely kept with the Sophos free Encryption tool ;)

        I love how much use you guys are getting from this video haha.

      • Islam Faisal · 1513 days ago

        Although I downloaded the two pieces of software you mentioned, I think you are right. :)

        • Some internet security products come with a password manager, so it is worth checking first before installing additional software.

  2. One of the advantages of using a software password manager is that it "recognizes" the domain the password is for and won't enter it elsewhere. So it is kinda a way to beat phishing as the software won't enter your password if you are presented with a phishing site as its URL doesn't match the domain stored for the site.

    I use Norton Identity Safe, so perhaps Sophos should make a password manager and bundle it with their products.

  3. Ariel · 1131 days ago

    I didn't see the app in the app thingy on my Twitter settings D: but I changed my pass right away!! And do you have to change your email also??


About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley