This article from Mashable discusses the newest phishing attack making the rounds on Twitter.
With metric tools and applications that require logging in to connect with Twitter, it’s increasingly difficult to judge which links are beneficial and which are hacks. A couple of things to keep in mind:
1. If it doesn’t specifically tell you the purpose of the link, don’t click it.
Vague descriptions like “Is this you?” or “Have you seen this picture” or “Have you tried this?” are meant to stir up curiousity and entice you to click. Resist the urge.
2. If you can’t verify the sender, don’t click.
This is a personal rule of mine. I realize this is controversial as many auto-messages send you to Facebook, blogs, or other interesting websites. If you do click a link from one of these, you shouldn’t have to re-enter your Twitter account information, so don’t do it.
3. If you didn’t seek it out, don’t enter your information.
If you’re setting up an account on Hootsuite or attempting to measure some Twitter metrics with one of the many free programs out there, you will need to enter your Twitter account information. However, you usually seek out these types of programs. If you didn’t seek out a program that pops up or sends you a DM wanting your account information, don’t give it to them.
This You????: Yet Another Phishing Attack
In the last couple of weeks, Twitter users have been the target of several large-scale phishing attacks, and according to security experts over at Sophos, the latest one is no different.
The attack spreads via messages with the text “This you????” followed by a link that sends the user to a fake Twitter (
) login page. Don’t fall for the trick. If you enter your credentials there, you’re not actually logging into Twitter, you’re just sending your username and password to the attacker.
If you suspect you’ve fallen victim of this attack, you should change your Twitter password immediately. Check out a video demonstration of the attack (created by Sophos) below.