Sophos warns of messages that lead to fake Twitter log-in pages, arriving several days after an earlier attack in which compromised accounts were used to send pharmaceutical spam.
Twitter users were being hit on Wednesday with what seems to be the second phishing attack this week, according to security firm Sophos.
The latest attack features a message that says "This you????" followed by a link that leads to a fake Twitter log-in page, according to a blog post by Sophos' Graham Cluley. If a user provides the log-in credentials, the attackers have control over the user's account and can retweet the phishing message from that account.
Earlier in the week, a phishing attack was spreading via direct messages that were widely distributed because of third-party services such as GroupTweet, according to Sophos. Compromised accounts were then used to send pharmaceutical spam for herbal Viagra.
The Sophos blog entries have videos explaining the attacks. They also warn users not to reuse passwords on different sites. A Twitter phishing attack that steals your log-in credentials also compromises your bank and e-mail accounts if you use the same password on those sites.
A Twitter representative did not respond to an e-mail seeking comment.