Over the past 20 or 30 minutes this evening I have seen a lot of tweets reporting a phishing attack that is apparently running rampant on Twitter’s social network. If you get a Twitter direct message today reading: “check out this funny blog about you”, don’t do it. The link leads to a fake Twitter login page that attempts to steal your Twitter login. Particularly susceptible to this attack are Twitter users who get their DMs delivered by email: it’s perfectly natural to be prompted to log in after clicking through from your email account.
You can follow updates on the attack by subscribing to the Twitter topic #phishingalert.
Twitter Engineering and Operations are on the case, but if you receive a Direct Message with a blogspot.com link in it that redirects to what seems like Twitter.com, do not enter your Twitter credentials. If you look at the URL, you’ll notice that it is not really Twitter but twitter.access-logins.com—a sketchy phishing site.
Twitter Status – Don’t Click That Link!
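The "look at the URL" check from the status post, written out as an added example (not code from the original post or from Twitter): it extracts the host a browser would actually connect to and accepts it only if it is twitter.com or a subdomain of it. `TRUSTED_DOMAINS`, the function names and every sample URL except the host twitter.access-logins.com are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain where a Twitter login is expected.
TRUSTED_DOMAINS = {"twitter.com"}

def login_host(url):
    """Return the hostname a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and ":port" suffix
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()

def verdict(url):
    """Classify a URL as 'trusted', 'lookalike', 'untrusted' or 'unparseable'."""
    host = login_host(url)
    if host is None:
        return "unparseable"
    # Trusted only if the host IS the domain or ends with ".<domain>".
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # The brand name appears as a label under someone else's domain.
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    if brands & set(host.split(".")):
        return "lookalike"
    return "untrusted"

# Constructed sample URLs; only the host twitter.access-logins.com is from the post.
SAMPLES = [
    "https://twitter.com/login",
    "http://twitter.access-logins.com/login",
    "http://twitter.com@twitter.access-logins.com/",
    "https://nottwitter.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{verdict(u):11} host={login_host(u)}  url={u}")
```

The comparison is made on the parsed host, read right to left, so a URL that merely starts with or contains "twitter.com" is not accepted.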