A technique that has mostly been confined to email has now spread to microblogging services such as Twitter. In a post published on January 3rd on the official Twitter blog, the service warns users:
If you receive a direct message or a direct message email notification that redirects to what looks like Twitter.com—don’t sign in. Look closely at the URL because it could be a scam.
Ever receive an email from eBay or someone claiming to be your bank asking you to confirm your username and password? Those are phishing scams. So how does this particular phishing scam work as it relates to Twitter?
This particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email says something like, “hey! check out this funny blog about you…” and provides a link. That link redirects to a site masquerading as the Twitter front page. Look closely at the URL field; if it has another domain besides Twitter but looks exactly like our page, then it’s a fraud and you should not sign in.
For tips on how to avoid this and other phishing scams, read this article that was published on Fraud.org. If you find yourself a victim of this phishing scam, Twitter recommends you immediately click on the RESET PASSWORD link for your account. The reset password email will be sent to the address on file, allowing you to change the password to something you know and reclaim your account. If that doesn’t work, try contacting their support team.
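
The URL check the warning describes, written out as an added Python example (not code from Twitter or from the original post). It assumes only twitter.com and its subdomains count as genuine; the function name and the sample links are constructed for illustration and use the reserved .example domain.

```python
from urllib.parse import urlsplit

# Assumption: the one domain treated as genuine is the one named in the warning.
TRUSTED_DOMAIN = "twitter.com"


def link_verdict(url, trusted=TRUSTED_DOMAIN):
    """Classify a link from a message as 'genuine', 'lookalike' or 'unrelated'.

    Only the hostname decides whether a link is genuine. The brand name showing
    up anywhere else (a longer hostname, the user-info part before '@', the
    path) is what makes a page "look like Twitter" while living elsewhere.
    """
    url = url.strip()
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        host = ""  # unparseable authority: never treat as genuine
    brand = trusted.split(".")[0]

    if parts_ok(url) and (host == trusted or host.endswith("." + trusted)):
        return "genuine"
    if brand in url.lower():
        return "lookalike"
    return "unrelated"


def parts_ok(url):
    """Accept only web links; other schemes are never a Twitter sign-in page."""
    return url.lower().startswith(("http://", "https://"))


# Constructed sample links, one per pattern worth recognising.
SAMPLES = [
    "https://twitter.com/login",                # the real host
    "http://mobile.twitter.com/session",        # real subdomain
    "http://twitter.com.signin.example/login",  # brand is only a prefix of the host
    "http://twitter.com@signin.example/",       # brand sits in user-info, host is after '@'
    "http://signin.example/twitter.com/login",  # brand sits in the path
    "http://nottwitter.com/",                   # different registered domain
    "http://blog.example/funny",                # no brand at all
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link_verdict(link):10} {link}")
```

A 'genuine' verdict only says the link points at the real host; it does not vouch for the message that carried it.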