Phishing scam steals Twitter passwords

Twitter messages are leading victims to a fake log-in page

Twitter users beware: This scam will not leave you ROFL.

A phishing scam is circulating on Twitter that aims to steal users' log-in credentials and then forward scam messages to all their friends in the hope of tricking them too.

[ Twitter is potentially fertile ground for hackers, warns InfoWorld's Roger Grimes | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The scam begins with a direct message -- one sent directly between two Twitter users -- that reads "ROFL this you on here?" and appears to link to a video site. When the victim clicks on the link, however, they are sent to a fake Twitter page and asked to log in. The scammers use that log-in information to automatically message the victim's contacts with the same direct message.

The phishing activity was reported earlier Wednesday on the Mashable blog, which says it received "multiple reports" of the scam.

It's a classic phishing scam, and one more reason for users to be cautious about messages that take them to a site where they're asked to log in or download something, security experts say.

Twitter warned of the scam Wednesday, saying in a Twitter message, "A bit o' phishing going on -- if you get a weird direct message, don't click on it and certainly don't give your login creds!"

This is just the latest of several scams making the rounds on the popular microblogging site as criminals look for new ways to cash in on its popularity.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies