Earlier today I received a Direct Message from @funsherpaNYC reading “rofl this you on here?” followed by a link to a URL starting “video.twitter..”
I clicked the link, and it redirected me to a Twitter logon page. I rarely log in to Twitter on the web (usually using Tweetdeck on my computer or dabr.co.uk on my phone), so this seemed perfectly normal.
I entered my details. Nothing happened. I thought no more of it.
About four hours later I started getting @replies telling me that I had sent them a message “hey. i make $300-$500 a day online. this website showed me how http://XXX.com” (obviously without the Xs).
I looked in my DM outbox and realised that the message had been sent to the 2,340 people that follow me. I’d been phished.
I have since changed my password, which should stop any further scams from my account.
I’m very sorry to everyone who was DMed.
It wasn’t just me. Thousands of other users have also been hit. The scam is currently being picked up by wires and news sites:
• Twitter Spam: Phishing Scam Steals Twitter Passwords (Huffington Post)
• Twitter Phishers Dangle Bait in Direct Messages (New York Times)
• Phishing Scam Steals Twitter Passwords (PC World)
… and so on.