Twitter phishing ploy goes for ‘Direct Messages’

Some users of Twitter, the microblogging site, may be victims of a new phishing and account-hijacking attempt that specifically affects private messages — called "Direct Messages" or DMs — sent between users.

"According to Del Harvey, our trust and safety director, there are ongoing DM phishing attacks that are affecting a relatively small number of users," said a Twitter spokeswoman. "We're working on re-setting the passwords of those affected and notifying users through the @spam account," which is Twitter's own page on the site that talks about spam.

"Getting weird DMs? Probably due to phishing," Twitter said on the page. "Don't go to the (Web) links sent in the DMs or give out your log-in and password" information.

Twitter also suggested that users who may have gotten the fake Direct Messages change their log-ins and passwords to prevent unauthorized use of their accounts. Users should "feel free" to change their passwords if they are worried, the company said.

Twitter limits postings, which are public, to 140 characters. Direct messages are limited to the same number of characters and are private, only seen by the person for whom a message is intended, similar to an e-mail.

The social networking site started commenting on the activity Sunday. But the phishing attempt has been continuing since then.

"I think my account (got) hacked, I got four DMs (from others) saying they do not understand DM from me — I did not send them a DM," said one user on Twitter's Web site today.

"DMs are being sent out through my account to all of my friends, but I am not sending them; how do I make it stop?" wrote another.

Some of the direct messages tell the recipient to click on a Web link in order to make money with Google. The scam site is not associated with Google. When the link is clicked, it could ask the user for his or her Twitter password and log-in information.

It's not so much that a crook wants to read what you've written on Twitter, or start posting your tweets. Rather, criminals are looking to see if your account information is the same for other accounts, including those for banks, where the reward for such phishing is more lucrative.

Similar phishing attempts have been used on Facebook, another popular social networking site, several times this year.

While Twitter isn't as popular as Facebook, it "continues to grow in popularity and importance in both the consumer and corporate worlds," noted Nielsen Online in a report earlier this year.

"No longer just a platform for friends to stay connected in real time, it has evolved into an important component of brand marketing," as well as for news, real-time information and an outlet for political dissent, such as during the Iranian presidential election last summer.

Twitter's "footprint has expanded impressively in the first half of 2009, reaching 10.7 percent of all active Internet users in June," Nielsen Online said.