Twitter phishing scam

Bugger.

Earlier today I received a Direct Message from @funsherpaNYC reading “rofl this you on here?” followed by a link to a URL starting “video.twitter..”

I clicked the link, and it redirected me to a Twitter logon page. I rarely log in to Twitter on the web (usually using Tweetdeck on my computer or dabr.co.uk on my phone), so this seemed perfectly normal.

I entered my details. Nothing happened. I thought no more of it.

About four hours later I started getting @replies telling me that I had sent them a message “hey. i make $300-$500 a day online. this website showed me how http://XXX.com” (obviously without the Xs).

I looked in my DM outbox and realised that the message had been sent to the 2,340 people that follow me. I’d been phished.

FXck.

I have since changed my password, which should stop any further scams from my account.

I’m very sorry to everyone who was DMed.

It wasn’t just me. Thousands of other users have also been hit. The scam is currently being picked up by wires and news sites:

Twitter Spam: Phishing Scam Steals Twitter Passwords (Huffington Post)

Twitter Phishers Dangle Bait in Direct Messages (New York Times)

Phishing Scam Steals Twitter Passwords (PC World)

… and so on.
