Twitter users are being hit by a new phishing attack in which affected users send DMs to their friends containing links to a fake website that looks exactly like the Twitter login page.
If you receive a direct message on Twitter that says, “haha the look on your face in this pix is priceless! [LINK]”, DO NOT click on it. Clicking on the link will take you to a fake Twitter login page, where you will be asked to re-enter your username and password.

If you do click the link, look at the URL in the address bar of your browser. If a user provides their login credentials, the credentials will be sent to the attackers, after which they will have full control over the user’s account and can retweet the phishing message from that account.
There are a dozen scams and phishing attacks that occur on Facebook and Twitter every day. We constantly report attacks like this to help users stay cautious. Recently, another fake message spreading on Twitter stated “Pics of Osama Bin Laden Are Finally Released”.
I suggest you avoid clicking on the link and alert your followers about the attack. If you have accidentally clicked on the link and entered your login details, change the password of your Twitter account and all other accounts immediately. Also, contact your followers to tell them to avoid the message and ask them to change their account passwords as well.
To learn how to avoid falling victim to a phishing scam and keep your Twitter account secure, please read Twitter’s official guide to Keeping Your Account Secure. Here are some tips that will help you protect your Twitter account:
- Use a strong password.
- Watch out for suspicious links, and always make sure you’re on Twitter.com before you enter your login information.
- Use HTTPS for improved security.
- Don’t give your username and password out to untrusted third parties, especially those promising to get you followers or make you money.
- Make sure your computer and operating system are up to date with the most recent patches, upgrades, and anti-virus software.
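
The "make sure you’re on Twitter.com" and "use HTTPS" tips can be written as a check on the parsed link. This is an added example, not code from Twitter’s guide or from this article; the function name `checkLoginUrl` and every sample link are constructed for illustration.

```javascript
// Added example: does a link really lead to twitter.com over HTTPS?
// checkLoginUrl and all sample links are hypothetical/constructed.
const TRUSTED_DOMAIN = "twitter.com";

function checkLoginUrl(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: lower-cases the host, punycodes IDNs
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before "@" is user info, not the site: the real host follows it.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "user info before @ hides the real host" };
  }
  const host = url.hostname;
  // The leading dot matters: "nottwitter.com" must not pass as a subdomain.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + TRUSTED_DOMAIN };
}

// Constructed links: genuine forms next to common look-alike disguises.
const samples = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session/new",
  "http://twitter.com/login",
  "https://twitter.com.account-verify.example/login",
  "https://twitter.com@account-verify.example/login",
  "twitter.com/login",
];
for (const link of samples) {
  const { ok, reason } = checkLoginUrl(link);
  console.log((ok ? "OK    " : "REJECT") + " " + link + " (" + reason + ")");
}
```

The same comparison is what a reader does by eye in the address bar: the part that counts is the host name immediately before the first single slash, read from right to left.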
Sophos’ Graham Cluley explains a simple way of creating a complex hard-to-guess password – and how you should never use the same password on different sensitive websites.


