Phishing Technique Hits Twitter

In a technique that has mostly been confined to email has now spread to micro blogging services such as Twitter. In a post published in January 3rd on the official Twitter blog, the service warns users:

If you receive a direct message or a direct message email notification that redirects to what looks like—don’t sign in. Look closely at the URL because it could be a scam.

Ever receive an email from Ebay or someone claiming to be your bank asking you to confirm your username and password? Those are phishing scams. So how does this particular phishing scam work as it relates to Twitter?

This particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email says something like, “hey! check out this funny blog about you…” and provides a link. That link redirects to a site masquerading as the Twitter front page. Look closely at the URL field, if it has another domain besides Twitter but looks exactly like our page then it’s a fraud and you should not sign in.

For tips on how to avoid this and other phishing scams, read this article that was published on If you find yourself a victim to this phishing scam, Twitter recommends you immediately click on the RESET PASSWORD link for your account. The reset password email will be sent to the address on file allowing you to change the password to something you know and reclaim your account. If that doesn’t work, try contacting their support team.

7 thoughts on “Phishing Technique Hits Twitter

  1. Just wondering (out loud) if there was anyway we could stop nefarious types from buying domains like the Twitter related one above? How do they then get folks emails? Strange behavior isn’t it? Thanks – Martin

  2. Received one of these earlier this weekend. Didn’t fall for it as I’m fairly used to inspecting links when they appear in my inbox. The reply-to header was a big red-flag. Gotta guess they’re just crawling twitter pages looking for e-mails. Just thought I’d add my $0.02.

Comments are closed.