GMA News Online
SciTech

Twitter warns vs new direct-message phishing scam

July 10, 2011 9:41am
Micro-blogging site Twitter on Sunday warned users against a new phishing scam spread via direct messages (DMs).

Del Harvey, who runs Twitter's Safety team, advised users to double-check the address bar when they log on to their Twitter accounts.

"If you get a DM asking if a picture is of you, with a link that takes you to a log-in page, it's a phishing link. Don't type (your) info!" Harvey said after receiving messages from users who fear their accounts may have been hacked.

"Before you enter your username and password into any site, double-check the address bar to make sure you're where you want to be," Harvey added.

Harvey said other variants of the scam include "asking if a blog, video, Tweet, or story is about you."

"Again, if it leads to login page, don't trust it!" Harvey said.

Computer security firm Sophos said the links provided by the suspect DMs lead to what appears to be Twitter's home (login) page.

But a screenshot on a blog entry by Sophos senior technology consultant Graham Cluley indicated the fake Twitter site's URL was www.ltwitteri.com/twitterlogin/?login instead of www.twitter.com.

"If you make the mistake of entering your username and password on the page, in the hope of seeing the picture or video or blog post about you, then you could be handing your login credentials to cybercriminals. They could then use the information to spread scams further across the network, spam out malicious links or use the passwords against other websites where you might use the same login details," Cluley said.

Meanwhile, Harvey also said Twitter will reset passwords for affected users. — LBG, GMA News