Last month Twitter users were attacked using a DM scam where users received direct messages from people they know saying "You Seen What This Person is Saying About You Terrible Things". The Twitter Scam affected several users who went on to click on the accompanying link and then entered their Twitter username and password on the phishing website.
It looks like another similar scam is currently spreading on Twitter through direct messages. The phishing scam is similar to the earlier attacks and is spreading with the following message:
Hi. somebody is saying real bad rumors about you here ;(
The message is accompanied by a link, clicking on which will lead you to a website which spoofs the twitter interface and tells you to login using your Twitter username and password. The URL is also made to look very similar to that of Twitter.
The webpage in question asks you to enter your username and password and then redirects you to install an app on Twitter which in turn sends out rogue messages to all your followers.
Please DO NOT enter you username and password since the scammers will then gain access to your account username and password. If you do enter your username and password into the phishing page, the scammers will then redirect you to Twitter and ask permission to install an app which will then send out the rogue message as a direct message to all your followers and continue spreading the phishing attack.
To avoid phishing attacks, always look at the URL to see whether you are entering your password on the site itself and not some masked URL which is made to look like the original site. Additionally, you should also periodically check the apps you have given access to in your Twitter account and remove unwanted apps. Learn how to remove apps or revoke app permissions in Twitter.