Phishing scam spreads on Twitter

Twitter users are reporting that they have received direct messages from their online followers enticing them to visit a phishing website which attempts to steal their username and password.

Twitter phishing message

Users have been receiving messages such as:

hey! check out this funny blog about you... [url removed]


Hey, i found a website with your pic on it... LOL check it out here [url removed]

which led, sometimes leapfrogging via a Blogspot page, to a website which posed as the regular Twitter login page, but was actually stealing usernames and passwords from the unwary.

Twitter phishing web page

Having hacked into some Twitter accounts, the criminals then appear to have used the Twitter identities of their victims to pass the message on to even more Twitter users.

It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as so many internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater.

Twitter co-founder Biz Stone alerted followers to the danger as his team worked on the problem, and later advised members who may feel “weirded out” by the incident to change their passwords.

Tweets from Twitter about phishing scam

Twitter has published information on its blog about the security incident and advised users to exercise caution when they reach web pages which ask them to log in to Twitter.

The phishing webpage has also masqueraded as the login page for Facebook – so users of all social networking websites should be on their guard.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
