Gone Phishing

Sunday, 4 January 2009


If you receive a direct message or a direct message email notification that redirects to what looks like Twitter.com—don’t sign in. Look closely at the URL because it could be a scam.

What Is Phishing?

Wikipedia defines phishing as “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” We’ve identified a phishing scam directed at Twitter users and we don’t want you to get tricked into giving your password to a scammer.

How Does It Work?

This particular scam sent out emails resembling the ones you might receive from Twitter if you get email notifications of your Direct Messages. The email says something like, “hey! check out this funny blog about you…” and provides a link. That link redirects to a site masquerading as the Twitter front page. Look closely at the URL field: if it shows a domain other than Twitter but the page looks exactly like ours, then it’s a fraud and you should not sign in. Here are some basic tips on how to avoid phishing scams.
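The check described above (is the domain in the URL field really Twitter, or just something that contains or resembles it?) can be written down as a small script. This is an added example for illustration, not code from Twitter or from the original post; the only domain it takes from the post is twitter.com, and every hostile-looking URL in it (evil.example, twiter.com, and so on) is constructed for the demonstration. It goes a little beyond the post by also flagging near-miss spellings, using a plain edit-distance comparison.

```python
from urllib.parse import urlsplit

# The domain the real sign-in page lives on (from the post).
EXPECTED_DOMAIN = "twitter.com"


def host_of(url):
    """Return the lowercase hostname of a URL, or None if it has none.

    urlsplit discards the userinfo (anything before '@'), the port and the
    path, which is exactly the part of the URL a phisher tries to decorate
    with the brand name.
    """
    if "://" not in url:
        url = "http://" + url  # let urlsplit see the host part
    return urlsplit(url).hostname


def registrable_domain(host):
    """Last two labels of a host, e.g. 'login.twitter.com' -> 'twitter.com'.

    Good enough for .com sites like this one; a production deployment would
    consult the public suffix list instead (assumption: not modelled here).
    """
    labels = host.split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url, expected=EXPECTED_DOMAIN):
    """Classify a URL as 'genuine', 'lookalike', 'unrelated' or 'invalid'."""
    host = host_of(url)
    if not host:
        return "invalid"
    domain = registrable_domain(host)
    if domain == expected:
        return "genuine"
    # Brand name present but not as the registrable domain: it is sitting in a
    # subdomain, in the userinfo before '@', or in the path.
    if expected in url.lower():
        return "lookalike"
    # Typo-squat style spellings of the brand domain.
    if edit_distance(domain, expected) <= 2:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; none of the hostile ones are real sites.
    samples = [
        "https://twitter.com/home",
        "login.twitter.com",
        "https://twitter.com.evil.example/login",
        "http://twitter.com@evil.example/",
        "http://evil.example/twitter.com/login",
        "http://twiter.com/",
        "https://example.org/",
    ]
    for s in samples:
        print(f"{classify_url(s):10s} {s}")
```

Only a verdict of genuine means the URL field is pointing at the expected domain; lookalike covers the cases the post warns about, where the page may be pixel-identical but the host is someone else's.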

What If I Get Tricked?

Some folks may have clicked the link and given their Twitter password to the phishing site. In those cases the phisher could send out direct messages on your behalf, which could trick your followers. For the accounts affected, we proactively reset the passwords.

So, if you find yourself unable to log in to your account with your username and password, please use the reset password link to regain access. This will send an email to the address associated with your account, and you’ll be able to create a new password.

If you don’t receive the reset password email, please check your junk or spam folder, as it may have been delivered there by mistake. If you are still having trouble logging in, please contact our support team and we’ll help you out.