Twitter Phishing Scam Uses Direct Messages to Lure Tweeters

/ Source: SecurityNewsDaily

If someone said, "hey, check out this funny blog post, you're mentioned in it," there's a good chance your curiosity might get the best of you.

That's the presumption behind a new phishing scam spreading through Twitter. Unlike other scams that spread via trending topics, this latest cybercrime campaign uses direct messages (DMs) to come off as legitimate.

The DMs — messages sent between two Twitter users — ask, "Is this you in the video?" and "is this you in this picture?" Each message, the security firm Sophos reported, is followed by a link that, when clicked, takes users to what appears to be Twitter's login screen.

The login page is phony, however, and your username and password, once entered, could immediately become property of the scammers and used for identity theft, banking fraud or to gain access to your other online accounts.

Del Harvey, the head of Twitter's Trust and Safety team, wrote in a tweet that Twitter is "resetting passwords for affected users." Twitter's help center has information on how to change your password and protect your account in the event it was compromised as a result of this scam.