October 28, 2009 3:02 PM PDT

Twitter users warned about new phishing attack

by Elinor Mills

This is Twitter's spam warning.

(Credit: Twitter)

Twitter warned on Wednesday about a new phishing attack in which direct messages to users link to a fake log-in page that steals passwords.

"We've seen a few phishing attempts today; if you've received a strange (direct message), and it takes you to a Twitter log-in page, don't do it!" the Twitter spam warning says.

The direct messages say: "hi. this you on here? http://blogger.djh****.com," Sophos reports in a blog post. The full URL is obscured to prevent people from unwittingly visiting the phishing site.

Clicking on the link takes a user to a page that looks like a legitimate Twitter log-in page. When the user types in the username and password, a fake version of Twitter's "over capacity" message is displayed, with the image of the notorious "fail whale" held aloft by birds.

"When I visited the page, I was then slingshot to another Web page on Blogspot.com, claiming to belong to a blogger called NetMeg99," Sophos researcher Graham Cluley wrote. "It's not clear if NetMeg99 is involved in the phishing scam, but there is a suggestion that her Web page did also try to phish for credentials at one point."

If you have been duped by this phishing ruse, Sophos suggests that you immediately change your password at Twitter and any other sites where you used the same log-in credentials.

Originally posted at InSecurity Complex
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by n3td3v October 28, 2009 3:59 PM PDT
One more reason *not* to use social media.
by SwissJay October 28, 2009 4:30 PM PDT
One more reason not to let dumb people use the Internet!! Honestly, people falling for that kind of stuff deserve their fate!
by n3td3v October 28, 2009 5:04 PM PDT
@SwissJay

Dumb people speak in 140 characters or less, they are bound to fall fate. The bad guys have got their yacht in the sun secured while we sit in our poxy 9/to/5 jobs.
by Vegaman_Dan October 28, 2009 8:29 PM PDT
"One more reason *not* to use social media."

98 characters. You qualify for Twitter!

"Dumb people speak in 140 characters or less, they are bound to fall fate."

67 characters. Again, you qualify to post on Twit- oh, I see now. Um... oops. :)
by idaremyidea October 28, 2009 7:33 PM PDT
Are they dumb? Or are they finding their way through life like the most of us? I think keeping in touch using communication allows those that can seek solutions can provide spammers a new kind of food for thought; without them how would other people be challenged in life? Everyone finds a way of doing something they think is right in life; everything else is just an observation - isn't it?
by corelogik October 28, 2009 7:37 PM PDT
Anyone that falls for a phishing scam should have to take an intelligence test to get back on the internet.
by BethJones-Sophos October 29, 2009 7:46 AM PDT
> One more reason *not* to use social media.
> Anyone that falls for a phishing scam should have to take an intelligence test to get back on the internet.

It's this attitude that actually helps the bad guys along. Everyone thinks "it only happens to someone else" which keeps the trust factor high enough that the scams work again and again. It's very much like it was in the early days where you never questioned an email with an attachment that came from a friend, yet that's exactly how Happy99 and Melissa made it so big. Even FBI Director Robert Mueller almost fell for a phish. So it's not just "dumb people" falling for scams. The phish attacks are getting more and more sophisticated and not as easy to "spot the fake" as it were.
by Harrison912 October 30, 2009 6:11 PM PDT
I've seen this before since I started using Twitter to socially market my safety and security web site. I hope they catch whoever is doing it this time. I'm all about catching the bad guys.
by albizzia November 1, 2009 7:21 PM PST
The message, "Be ever vigilant and always suspicious".
by TobyGalino November 3, 2009 7:35 AM PST
Yeah well.. how about "Knock Knock"... it would be an interesting study to see the amount that fall for that. Oh My, I have to agree with all of you and yet, I too understand how sometimes you fall victim by "pulling the trigger" prior to clarity and immediately have that nauseous feeling in your gut.

At VeriSign we note this as more reason to encrypt sites (not just financial and ecommerce). And internet users and development folks have their piece of this action to respond to, but if, for example, SocNets like Twitter, Facebook, were encrypted with Extended Validation SSL, it would cut down on phishing attempts that could compromise log-in credentials across multiple websites.