Last night, I got another one of the many direct messages I receive each day via Twitter telling me that someone has written something horrible about me. Since I was using my older computer, and I have Ubuntu installed on it, I decided to click on the link provided in the direct message, deciding that the risk of accidentally downloading a virus was minimal.
The page took a while to load, almost 3 or 4 seconds, and then this page showed up. I was a bit surprised for a second, and thought, "Hrmm, why am I back at Twitter, and why am I not logged in?" I reached for the keyboard and was about to type in my password, when I stopped myself and thought, "I should check the URL first." I’m glad I did.
If you look closely, you’ll notice that the URL for this site is not quite right. The word Twitter has an extra i and v in it that shouldn’t be there.
I realized that this was a very clever phishing attempt, and that I had almost fallen for it, even though I knew in advance that the link was very likely to lead to trouble.
My recommendation is to be very suspicious of links you receive via social media and email. If the link seems out of context, or you aren’t expecting someone to be sending you a link, don’t click on it. If you do click on it, DO NOT enter your password or other information on the site. Instead, navigate by yourself to the appropriate website, and enter your login information there.
Please share this information with others so that we can curb the link baiting and phishing going on now through Twitter, email, and other similar services.
Update: If you happen to get caught by one of these phishing attacks, don’t panic. You just need to change your Twitter password. If you cannot access your Twitter account, you should still be able to request a new password be sent to your email here.
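The URL check described above can also be run automatically on links that arrive in messages. The following Python is an added example, not part of the original post: it classifies a link's hostname against a list of trusted domains and flags near-miss spellings. The trusted list, the edit-distance threshold of 2, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains this user really logs in to.
TRUSTED = {"twitter.com"}

def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a host
    try:
        # .hostname drops any "user@" prefix and the port, so a link such as
        # https://twitter.com@other.example/ is judged by its real host.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Not a trusted host: look for the brand name, or a near-miss spelling
    # of it, in any label (covers both extra letters and brand-as-subdomain).
    for d in trusted:
        brand = d.split(".")[0]
        if any(edit_distance(label, brand) <= max_distance for label in host.split(".")):
            return "lookalike"
    return "unknown"

# Constructed sample links, not taken from the original message.
SAMPLES = [
    "https://twitter.com/login",
    "http://twivitter.com/login",          # two extra letters in the name
    "https://twitter.com.login.example/",  # brand used as a subdomain
    "https://twitter.com@evil.example/",   # brand placed in the userinfo part
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A threshold of 2 suits a seven-letter name; for short brand names it will flag unrelated words, so lower it or require a minimum label length.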
John at TestSoup says:
I like to run without virus programs (they take too many system resources), which means I have to be careful about what links I click. Since I have a PC for work, a Mac for entertainment, and a smartphone, I click different links on different machines just like you did here. It seems to be a pretty solid system so far. But yes, you do need to watch out for those phoney-baloney websites!
February 3, 2012 — 11:36 am
Dvora says:
Thanks for sharing this. I have been getting a number of these types of emails from PayPal and they look pretty official about something I supposedly bought… but I did not. I almost logged into one to check, but at the last moment, decided to go to PayPal directly and there was nothing there in my account. When I looked back at the email address (they are sometimes hidden these days) I found that it was a scam. PayPal has a special email to forward these to so they can work on tracking them down and stopping them.
February 4, 2012 — 4:20 pm
Faith says:
I got the same direct message, clicked on the link and logged into what I thought was Twitter. Since then, ads have been tweeted on my account with a link which is probably a scam too. The same direct message has been sent to all my followers from me. People are replying back to the message, causing me problems. Could anyone help me resolve this please?! Thank you.
April 21, 2012 — 3:47 pm
David Wees says:
If you can still log into your account, you should, and then change your password. You will also want to see what applications have access to use your Twitter account, as you may need to disable them. If you cannot log into your account, find the "request new password" button, which should send you a link in your email to be able to change your password.
April 21, 2012 — 3:55 pm
Janet Abercrombie says:
Thanks. I was wondering what would happen if that opened. I’ve received more than three of the same message.
July 8, 2012 — 5:24 am