Phishing Returns to Twitter Via Direct Message [WARNING]

Another wave of Twitter phishing has erupted this afternoon, with a spate of direct messages that read “somebody wrote something about you in this blog here” with a link to an ominous short URL.

That short URL asks users to log in to Twitter, but one look at your browser’s address bar indicates that it is not Twitter you’re logging into, but a third-party site that looks like Twitter. Once you provide said site with your login details, it DMs your followers, hence creating the viral loop that is the anatomy of a Twitter phishing scam.

Twitter posted some tips for avoiding these scams on Friday, but apparently the message didn’t get through to everyone, because lots of users (including several high-ranking execs who have consequently sent me such DMs) are still getting duped. Lately, Twitter’s phishing scams seem to share a common theme: someone you conceivably know (at least a little bit, since you follow them) sends you a DM implying that something about you has been posted somewhere on the web.

While that's certainly a tempting piece of bait, there’s no conceivable reason you should ever have to give a third-party website your Twitter credentials -- let alone a site you've never heard of -- especially now that most reputable Twitter apps use OAuth. Meanwhile, if you think you’ve fallen victim, we remind you once again to change your password.
