Beware the Twitter Phishing Scam

February 22, 2010


GRRRRREATTTTT. I’ve managed to keep my eyes peeled for scammers pretty well up to this point, but I was really busy and tired yesterday, and wasn’t paying much attention to what I was doing.

Yesterday, I received an email from Twitter (sheesh, I get about 20 a DAY) from a follower. The message was this:

[Image: Twitter Phishing Scam]

You can see the link looks suspicious: Uh HUH. I didn’t notice it at first glance, though.

At first I was like, “Oh great, NOW what are people slandering me for??” My memory is kind of fuzzy here– I don’t *think* I clicked the link in the email. Maybe I did. I can’t remember if I actually signed in to my Twitter account. I hope I didn’t. I did a search on the link in that email, and this is what I found at Mashable, it’s a new Twitter phishing attack:

A Twitter phishing attack is spreading rapidly today, attempting to obtain Twitter logins via Direct Messages. If you receive a message reading “lol, is this you”, and linking to a site called “bzpharma”, do not click the link.

Users who do click that link and enter their details are inadvertently letting spammers take over their accounts, which are then used to spam the same Direct Message to all their friends.

If you’re receiving these messages, your account is not compromised, but if you find you’re sending them, make sure to change your Twitter password immediately.

The IT security firm Sophos released this video regarding the attack:

If you think your Twitter account has been compromised, CHANGE YOUR PASSWORD IMMEDIATELY! I have already received obscene spam from two of my Twitter followers, so their accounts are compromised.

The crappy thing about this is that, while Twitter knew of the phishing scam and attacks, and publicly warned people, they never send out emails to Twitter users… I don’t see why? I mean, if there’s an attack on the site, wouldn’t it be good to email everyone to tell them? I like Twitter and I like tech news, but I don’t wait breathlessly by the Twitter news feed to check for new scams every day.

As a policy, it is best to NEVER NEVER NEVER click on any link in an email anymore, ESPECIALLY if you have to sign in with a username and password. Just never do it, never. Better to be safe than sorry.

As for me, I did click the link in the email. I don’t *think* I signed in to Twitter, though. Instead, I looked up the link– the “pharma” word in it made it suspicious. But as a precaution, I changed my password right away.


7 Responses to “Beware the Twitter Phishing Scam”

  1. Lisa Says:

    You must have been out of it, that doesn’t sound like you at all.

    They tried this on Facebook too. Fortunately I got the email from someone who I don’t interact a lot with on Facebook.

  2. megscole64 Says:

    people are so lame!

  3. Rebecca Says:

    Yeah, Lisa, I’m pretty tired lately. Usually I try to be “on the ball.” I don’t think I signed in… what’s weird is that I didn’t remember!!

    Meg– DITTO, baby! I wish some folks would GET A REAL JOB or something!

  4. Karen & Gerard Zemek Says:

    Yup, that’s how my Twitter account got hacked. I should have known better than to bother with that one but I went ahead and clicked on the link and the next day I got messages from some of my blogger friend followers informing me they got an offensive direct message from me–YIKES! I was flabbergasted and changed my Twitter password immediately (even though I was at work by then)! What a sinking feeling! I’m going to share about my experience too with this and include a link back to you here.

    Also, thanks SO much for your help with getting my Firefox browser to open again!

  5. RE - Entrepod Says:

    Now Becs, you know twitter don’t tweet.. ironic huh ?
    when I wrote about it over the weekend I thought the same thing and then it hit me, when did I subscribe to twitter itself ? welllllllllll.. okayy.

  6. RE - Entrepod Says:

    hey girly where’s my link !!!!!

