X

Twitter phishing scam spreads via direct messages

In new phishing scam, direct messages sent to Twitter accounts link to fake Twitter log-in page.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills

A new phishing scam is spreading through Twitter via direct messages, according to several reports.

Itamar Kestenbaum writes on his JewNews.net blog that he received a direct message on his Twitter account from someone he didn't know that said "rofl this you on here?" followed by a link to what appeared to be a video-related Twitter page.

The page looks like a legitimate Twitter log-in page but nabs your credentials if you type in your password, he warns.

Meanwhile, a posting on the Mashable blog said the site had received multiple reports of the new phishing scam and that someone there had even received one of the phishing-related direct messages themselves.

No word on this yet on Twitter's official blog or from a Twitter spokesperson. We'll keep you posted as we hear more.

In the meantime, if you clicked on the phishing link and typed in your credentials, you should change your password immediately.

Update at 5:30 p.m. PDT: Twitter acknowledged the phishing scam in a tweet on Wednesday that said "A bit o'phishing going on--if you get a weird direct message, don't click on it and certainly don't give your login creds!"

JewNews.net captured this screenshot of the phishing-related direct message Twitter users are receiving and the fake log in page the link directs to. JewNews.net