Phishing scam steals Twitter passwords

23.09.2009
Twitter users beware: This scam will not leave you ROFL.

A phishing scam is circulating on Twitter that aims to steal users' log-in credentials and then forward scam messages to all their friends in the hope of tricking them too.

The scam begins with a direct message -- one sent directly between two Twitter users -- that reads "ROFL this you on here?" and appears to link to a video site. When the victim clicks on the link, however, they are sent to a fake Twitter page and asked to log in. The scammers use that log-in information to automatically message the victim's contacts with the same direct message.

The phishing activity was reported earlier Wednesday on the blog, which says it received "multiple reports" of the scam.

It's a classic phishing scam, and one more reason for users to be cautious about messages that take them to a site where they're asked to log in or download something, security experts say.

Twitter Wednesday, saying in a Twitter message, "A bit o' phishing going on -- if you get a weird direct message, don't click on it and certainly don't give your login creds!"