Twitter finally released a “Stalkers” app? No, it’s a phishing scam

Twitter users are being hit today by messages claiming to link to a new app from Twitter which will track your stalkers.

However, the messages are really designed to steal your Twitter usernames and passwords.

Here’s a typical message that users are seeing:

Twitter stalkers phishing message


Twitter finally released an app that tracks your "Stalkers" get it here [LINK]

If you click on the link you are taken to what appears to be a legitimate Twitter page, asking you to confirm your username and password before the “Stalkers” app can access your account.

Twitter stalkers phishing website

However, if you look at your browser’s URL you will see that the page is not hosted by Twitter at all.

Twitter stalkers phishing website url
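The same check can be run on a suspicious link before anyone clicks it. The Python below is an added example, not part of the original article: it extracts the host a browser would really connect to and rejects lookalikes. The `.example` hosts are constructed placeholders (the real phishing address is not reproduced here), and treating `twitter.com` over HTTPS as the only genuine origin is an assumption of the example.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted as genuine.
TRUSTED_DOMAIN = "twitter.com"


def real_host(url):
    """Return the lower-cased host a browser would connect to, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname already drops any "user@" prefix and the port.
    return parts.hostname.rstrip(".").lower()


def classify(url):
    """Say whether a link really points at Twitter, and if not, why."""
    host = real_host(url)
    if host is None:
        return "reject: not a web URL"
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        if urlsplit(url.strip()).scheme != "https":
            return "reject: Twitter host but not HTTPS"
        return "ok: hosted by " + host
    if not host.isascii() or "xn--" in host:
        return "reject: internationalised lookalike " + host
    if "twitter" in host:
        return "reject: lookalike host " + host
    return "reject: unrelated host " + host


# Constructed sample links; the .example hosts are placeholders, not real sites.
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session/new",
    "http://twitter.com.login.example/session",
    "https://twitter.com@phish.example/login",
    "https://twitter-stalkers.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):50} {link}")
```

Note that a link can begin with `twitter.com` and still belong to someone else: what counts is the end of the host name, after any `user@` prefix has been discarded.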

If you make the mistake of entering your username and password then you will be handing over the keys to your account to phishers, who would then be able to use your account to read your private messages and send messages (perhaps spam-related or containing malicious links) to your followers.

Worst of all, if you’re one of those people who uses the same password as you use elsewhere on the internet – you’ve now told the cybercriminals how to access, say, your Gmail, Hotmail or PayPal accounts as well.

If you found your Twitter account was one of those sending out the phishing messages, or if you made the mistake of entering your username and password, then you must change your password as soon as possible.

Not just on Twitter, but also make sure you’re not using the same password anywhere else on the net.

And remember, it’s important that you don’t use a word from the dictionary as your password. It’s easy to understand why computer users pick dictionary words as they’re much easier to remember, but as I explain in this video a good trick is to pick a sentence and just use the first letter of every word to make up your password.

Video: http://www.youtube.com/v/VYzguTdOmmU

You can always use password management software such as KeePass or 1Password to remember complex passwords if you find it too difficult.

There’s some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in “Account Settings”, and revoke access for any third-party application that you don’t recognise.

Follow me on Twitter at @gcluley if you want to keep up-to-speed with the latest threats, and learn how to protect yourself.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.
