A word to the wise for Twitter users: Beware of direct messages asking that you click a link and enter your login info.
The official Twitter blog has details about the new phishing scam, which reached critical mass over the weekend and tries to lure users into entering their user IDs and passwords into an authentic-looking Twitter login page.
Here's how it works: You'll get a DM (direct message) from one of your Twitter followers that says something along the lines of, "hey! check out this funny blog about you…", plus a link to a Web page.
Click the link, and you'll end up at a site that looks a lot like the standard Twitter login page—although it's not. Take a closer look, and you'll see that the URL in your browser's address bar reads "http://twitter.access-logins.com/login"—or another domain besides "twitter.com." (BetaNews reports that a variety of different phishing URLs have cropped up in the past few days.)
If the scamsters manage to scoop up your Twitter login info, they'll use it to send more fraudulent DMs from your account—not good.
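For anyone who filters links for other people, here is the address-bar check described above written as code. It is an added example, not anything from Twitter or the original post; the function names, the `TRUSTED_DOMAIN` constant and every sample link except the one quoted above are constructed for illustration.

```javascript
// Added example: decide which host a browser would really contact for a link,
// then compare it with the one domain allowed to show a Twitter login form.
const TRUSTED_DOMAIN = "twitter.com"; // assumption: the only trusted login domain

// Return the hostname the browser would connect to, or null if the link is
// not an absolute http(s) URL.
function effectiveHost(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules browsers apply
  } catch (err) {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // The parser lowercases the host and separates any "user@" prefix from it;
  // a trailing dot is stripped here so "twitter.com." still matches.
  return url.hostname.replace(/\.$/, "");
}

// "trusted"   : the host is twitter.com or one of its subdomains
// "lookalike" : the brand name appears in the host, but the domain is not Twitter's
// "untrusted" : any other host
// "invalid"   : not an http(s) link at all
function classifyLoginLink(link) {
  const host = effectiveHost(link);
  if (host === null) return "invalid";
  // Match whole labels: "nottwitter.com" must not pass as "twitter.com".
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return "trusted";
  }
  const brand = TRUSTED_DOMAIN.split(".")[0];
  return host.split(".").some((label) => label.includes(brand))
    ? "lookalike"
    : "untrusted";
}

// Constructed sample links, apart from the first, which is the URL quoted above.
const SAMPLES = [
  "http://twitter.access-logins.com/login",
  "https://twitter.com/login",
  "https://twitter.com@login.example/login", // "twitter.com" here is a username
  "https://twitter.com.example/login",
];
for (const link of SAMPLES) console.log(classifyLoginLink(link), link);
```

The third sample shows why the check has to parse the link rather than search it for "twitter.com": everything before the "@" is a username, and the browser goes to the host after it.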
Think you may have already fallen for the phishing scam? Twitter suggests resetting your password; click this link, and Twitter will send a link to the e-mail address associated with your account.
Meanwhile, beware another new phishing scam making the rounds on Twitter: A phony offer for a free iPhone (check out VentureBeat for the details).
Update: More Twitter craziness—turns out 33 high-profile Twitter accounts have been hacked, including those of Barack Obama and Rick Sanchez. The accounts (which have been restored to their rightful owners) were "compromised by an individual who hacked into some of the tools our support team uses," according to Twitter, adding that the security breach is unrelated to this weekend's phishing attacks.
Related:
Gone Phishing [Twitter blog]
1 Posted by romorafi7 on Thu Sep 3, 2009 8:49PM EDT
Interesting, so Obama uses Twitter?