Tweeps warned vs phishing in wake of recent breaches

Despite recent hacks of many high-profile Twitter accounts, users of the microblogging platform may want to avoid sites that claim to check their passwords.

 

Such "password check" sites are proliferating amid recent high-profile incidents of Twitter accounts being hacked, security vendor Sophos said.

 

"(Some) 'password check' sites are as bogus as they sound on the surface. They ask you to type in your login details, either into a clone of a regular site's login page, or into a nicely-worded 'you can trust us, honest, guv' page of their own," it said in a blog post.

 

In contrast, it said most legitimate password check sites only ask for a user's email address, then check it against a list of known data dumps.

 

Twitter users who cannot tell legitimate password check sites from the sneaky ones were advised to "assume that they are all bogus, and simply stay away."

 

Also, Sophos advised users to check the address bar to see if the URL contains Twitter.com. Some browsers may have the address bar turn green to indicate it is secure.

 

"Don't ever type your login and password to Twitter on a site that isn't twitter.com. Same with Facebook. And LinkedIn," it added. — TJD, GMA News