Twitter users are reporting that they have received direct messages from their online followers enticing them to visit a phishing website which attempts to steal their username and password.
Users have been receiving messages such as:
hey! check out this funny blog about you... [url removed]
and
Hey, i found a website with your pic on it... LOL check it out here [url removed]
which led – sometimes leapfrogging via a Blogspot page – to a website which posed as the regular Twitter login page, but was actually stealing usernames and passwords from the unwary.
It appears that, having hacked into some Twitter accounts, the criminals then used the Twitter identities of their victims to pass the message on to even more Twitter users.
It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as so many internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater.
Twitter co-founder Biz Stone alerted followers to the danger as his team worked on the problem, and later advised members who may feel “weirded out” by the incident to change their passwords.
Twitter has published information on its blog about the security incident and advised users to exercise caution when they reach web pages which ask them to log in to Twitter.
The phishing webpage has also masqueraded as the login page for Facebook – so users of all social networking websites should be on their guard.