mocoNews.net - Twitter Warns Users About Phishing Scam

This weekend, Twitter admitted that it is the most recent target of a phishing scam, and warned users to be wary of messages that redirect them to a look-alike sites and ask them to login using their username and password. Twitter co-founder Biz Stone wrote on the company's blog: "We've identified a phishing scam directed at Twitter users and we don't want you to get tricked into giving your password to a scammer." The scams being sent out by email look like email notifications you might receive when you get a direct message, and say something like: "hey! check out this funny blog about you?" or "Hey, i found a website with your pic on it? LOL check it out here." The link provided redirects to a site that looks like Twitter's front page, but has a slightly different URL.

Blogger Chris Pirillo was targeted twice on Saturday, and raised a good point on his blog about how easily Twitter users could fall for a phishing scam. He recommends to "NOT log in to your Twitter account through any site other than Twitter.com," which may sound really obvious, but in Twitter's case, it isn't. "Consider how many third-party Twitter services you use. Seems it's about time for some kind of verification/validation for applications using the Twitter API - so you can be sure you're passing your credentials to the right people. I'm guessing this particular phishing scam is not using the API (but there's no way for a user to properly verify)."

Twitter said that if you've fallen for the scam, it's possible for the phisher to use the information to spread the scam by sending out direct messages on your behalf which could trick your followers. "In those cases, we proactively reset the passwords of the accounts." Twitter also recommends resetting the password link to regain access to your account.