Beware – hackers are up to some sneaky tricks to con you out of your Twitter account password.
In the first incident, we received an email from a friend on Twitter. The email itself was legitimately sent from the friend’s Twitter account. The message says something about them being concerned about “malicious rumours” being spread around Twitter with a short link included to view the offending page.
If you click on the link, it goes to a page which looks like a Twitter login page. However, the domain is not legit – tvvjtter.com or similar.
This page is simply a Twitter account password collection page. You type in your username and password and the hackers have full access to your Twitter account.
Why would they want it? The hackers are then spreading commercial spam messages out to all your Twitter contacts.
How does it work?
We suspect that the hackers first gain access to your friend’s Twitter account by sending them the same message. From there they send a legitimate message of concern out about “rumours” about you. You click on the link thinking it’s all legit – and try to log into your “account”.
If you don’t notice the fake url, the hackers will have access to both your username and password for your Twitter account. If you use the same username and password an other social networking sites, they will have access there too . . . ouch.
In the second incident, a client has reported that their Twitter account has also been hacked – with messages about a “friend” who as been “sexually harassed” while working at the BBC. Theirs is not an online service that we manage and have not been involved in the clean-up process. As a result, we cannot comment on their matter further . . . other than beware, there are a lot of sneaky tricks around to gain access to your social networking sites.