Graham Cluley’s blog

There is another widespread phishing attack hitting users of Twitter today.

Messages asking "This you????" followed by a link are being sent via the system to unsuspecting users. If you click on the link you are taken to a fake Twitter login page, where hackers are just waiting for you to hand over your credentials. In fact, they can automatically post the phishing message from your account as soon as you hand over your details.

If you have received a message like this from one of your friends it is likely that their account has been compromised by cybercriminals.

Watch this YouTube video for a demonstration of the phishing attack:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

It's bad enough if hackers gain control of your Twitter account, but if you also use that same password on other websites (and our research shows that 33% of people do that all of the time) then they could access your Gmail, Hotmail, Facebook, eBay, Paypal, and so forth.

So, be cautious about the links you click on, choose a strong password, and - if you have found that you're spreading suspicious messages from your Twitter account or believe that you have been compromised - change your passwords immediately.

You should also check your Twitter account and check the Settings/Connections screen. If there are any third party applications you don't recognise listed there, revoke their permission to access your account.