Twitter users are being hit today by messages claiming to link to a new app from Twitter which will track your stalkers.
However, the messages are really designed to steal your Twitter usernames and passwords.
Here’s a typical message that users are seeing:
Twitter finally released an app that tracks your "Stalkers" get it here [LINK]
If you click on the link you are taken to what appears to be a legitimate Twitter page, asking you to confirm your username and password before the “Stalkers” app can access your account.
However, if you look at your browser’s URL you will see that the page is not hosted by Twitter at all.
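The advice above, checking the address bar rather than the look of the page, can be turned into a small programmatic check. The following Python is an added example, not part of the original article: it parses the URL properly and compares the host against a short allow-list of genuine Twitter hosts (the allow-list and all sample addresses are constructed for this example; the `.example` domains are not real sites). It also shows why a naive "does the address contain twitter.com" test is fooled by the same tricks a reader skimming the address bar falls for.

```python
from urllib.parse import urlsplit

# Constructed allow-list of hosts the genuine login page may live on.
TRUSTED_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com"}


def is_trusted_login_url(url: str) -> bool:
    """Return True only if the URL is HTTPS and its *actual* host is trusted.

    A real URL parser is used so that the host is taken from the right place:
      - text before '@' is user-info, not the host
      - 'twitter.com' appearing as a sub-domain of another site is not Twitter
      - 'twitter.com' appearing in the path is just a path segment
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return host in TRUSTED_HOSTS


def naive_check(url: str) -> bool:
    """The substring test a hurried reader effectively performs; kept for contrast."""
    return "twitter.com" in url.lower()


# Constructed sample addresses paired with the verdict a careful reader should reach.
SAMPLE_URLS = [
    ("https://twitter.com/login", True),
    ("https://mobile.twitter.com/login", True),
    ("https://twitter.com.stalkers-app.example/login", False),   # trusted name as sub-domain
    ("https://twitter.com@stalkers-app.example/login", False),   # trusted name as user-info
    ("http://twitter.com/login", False),                         # not HTTPS
    ("https://stalkers-app.example/twitter.com/login", False),   # trusted name in the path
]


def naive_mistakes(samples=SAMPLE_URLS):
    """Return the sample URLs on which the naive substring test gives the wrong verdict."""
    return [url for url, expected in samples if naive_check(url) != expected]


def parser_mistakes(samples=SAMPLE_URLS):
    """Return the sample URLs on which the parser-based check gives the wrong verdict."""
    return [url for url, expected in samples if is_trusted_login_url(url) != expected]


if __name__ == "__main__":
    for url, expected in SAMPLE_URLS:
        print(f"{url:55} parser={is_trusted_login_url(url)!s:5} naive={naive_check(url)!s:5} expected={expected}")
    print("naive test wrong on", len(naive_mistakes()), "of", len(SAMPLE_URLS), "samples")
```

This is essentially the comparison a password manager makes before auto-filling a saved login: it matches the stored domain against the parsed host, not against whatever text happens to appear in the address.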
If you make the mistake of entering your username and password then you will be handing over the keys to your account to phishers, who would then be able to use your account to read your private messages and send messages (perhaps spam-related or containing malicious links) to your followers.
Worst of all, if you’re one of those people who uses the same password as you use elsewhere on the internet – you’ve now told the cybercriminals how to access, say, your Gmail, Hotmail or PayPal accounts as well.
If you found your Twitter account was one of those sending out the phishing messages, or if you made the mistake of entering your username and password, then you must change your password as soon as possible.
Not just on Twitter, but also make sure you’re not using the same password anywhere else on the net.
And remember, it’s important that you don’t use a word from the dictionary as your password. It’s easy to understand why computer users pick dictionary words as they’re much easier to remember, but as I explain in this video a good trick is to pick a sentence and just use the first letter of every word to make up your password.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
You can always use password management software such as KeePass or 1Password to remember complex passwords if you find it too difficult.
There’s some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in “Account Settings”, and revoke access for any third-party application that you don’t recognise.
Follow me on Twitter at @gcluley if you want to keep up-to-speed with the latest threats, and learn how to protect yourself.
7 comments on “Twitter finally released a “Stalkers” app? No, it’s a phishing scam”
Nice way of selling an app to store passwords.
I'm sure it is! But KeePass is free and multi-platform, and Sophos doesn't sell an app to store passwords. 🙂
There you go Graham – got a task on your hands – get Sophos to make an application to store passwords which can then be even more securely kept with the Sophos free Encryption tool 😉
I love how much use you guys are getting from this video haha.
Although I downloaded the two pieces of software you mentioned, I think you are right. 🙂
Some internet security products come with a password manager, so it is worth checking first before installing additional software.
One of the advantages of using a software password manager is that it "recognizes" the domain the password is for and won't enter it elsewhere. So it is kind of a way to beat phishing, as the software won't enter your password if you are presented with a phishing site whose URL doesn't match the domain stored for the site.
I use Norton Identity Safe, so perhaps Sophos should make a password manager and bundle it with their products.
I didn't see the app in the app thingy on my Twitter settings D: but I changed my pass right away!! And do you have to change your email also??