Twitter is warning users of a new phishing scam spreading through direct messages on the network, which redirect users to a fake log-in page to steal their passwords.
Through its Spam Watch account, Twitter warned: “We’ve seen a few phishing attempts today (Wednesday); if you’ve received a strange (direct message), and it takes you to a Twitter log-in page, don’t do it!”
The phishing direct messages take the form of: “hi. this you on here? http://blogger.djh****.com” (part of the hyperlink has been removed for security). The site this hyperlink redirects recipients to is designed to capture your Twitter username and password as soon as they are entered.
After your Twitter login credentials are entered into the phishing site, the page redirects to a fake “Twitter over capacity” page, complete with the famous Twitter Fail Whale. This is not a genuine Twitter page.
Security firm Sophos advises users who fell for the phishing scam to immediately change their Twitter passwords, and also their passwords on any other sites where the same log-in credentials are used.
Sophos says on its blog that “hackers like to commandeer poorly protected PCs to form a botnet from which they can send spam campaigns or spread malware, and in the same way they are after compromised social networking accounts.”
As long as you do not click the link in this direct message, you should be safe from this phishing attack. It is recommended that you delete any similar messages as soon as you receive them.