If you are an avid Twitter addict like myself, you probably got the DM (Direct Message) about an hour ago (at the time of writing this article) that says:
“Hey! Check out this funny blog about you…. (Some link to a blog post)”
Please don’t tell me you fell for it, but if you did, here is what happens:
You clicked on the link to the blog post, and the link (somehow) took you back to the Twitter login page, asking you to sign in!
You logged in and got a thank you message.
Here is what really happened behind the scenes:
You clicked on that link (which was a redirect to another page), and the new URL in your browser looked like this [[DO NOT CLICK ON THE FOLLOWING]]: “http://twitter.access-logins.com/login/”
Again DO NOT CLICK ON THE LAST LINK.
The page looks exactly like the original Twitter homepage, asking you to log in.
You enter your information and click login (behind the scenes, your info is sent to the hacker's email address) and your account is pretty much GONE!
With the information they collect, they log in to even more accounts and blast the same message to more Tweeple, so it looks like your own friend or neighbor sent you the DM, and of course more victims are exposed to the spoof.
Please read this carefully:
This is the oldest trick in the book; they did it with Yahoo emails and eBay accounts before. ALWAYS check the link you're clicking in your browser's address bar or status bar. For Twitter, it must be www.twitter.com or http://www.twitter.com, and it may end with the user name, as in http://www.twitter.com/GuruOfSales
If any email or message you get tells you to open a link to update your account info, but the link ends or starts with a different name, then that's a spoof to hijack your account.
Some examples would be: eBay.login.com or twitter-account.com.
To always be safe, make sure you TYPE IN the address you need to go to in a new window or browser tab!
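The address-bar check described above can also be done mechanically. The following is an added example, not part of the original post: it extracts the host a link really points to and accepts it only if it is twitter.com or a subdomain of it. The names `link_host`, `is_trusted` and `TRUSTED_DOMAIN` and the two extra sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only legitimate login host is twitter.com
# or a subdomain of it (e.g. www.twitter.com, status.twitter.com).
TRUSTED_DOMAIN = "twitter.com"


def link_host(url: str) -> str:
    """Return the lowercase host a browser would actually connect to."""
    # Links in messages are often written without a scheme ("www.twitter.com").
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""  # drops any user:pass@ prefix and :port
    return host.rstrip(".")


def is_trusted(url: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only if the host is `trusted` itself or a subdomain of it."""
    host = link_host(url)
    # Compare on a label boundary: the host must END with ".twitter.com".
    # A name that merely starts with or contains "twitter" does not count.
    return host == trusted or host.endswith("." + trusted)


# Constructed sample: the URLs named in the article plus two extra edge cases.
SAMPLES = [
    "http://www.twitter.com/GuruOfSales",
    "www.twitter.com",
    "http://status.twitter.com/post/68196572/dont-click-that-link",
    "http://twitter.access-logins.com/login/",  # real domain: access-logins.com
    "twitter-account.com",
    "eBay.login.com",
    "http://www.twitter.com@login.example/",    # constructed: text before @ is not the host
    "http://nottwitter.com/",                   # constructed: no dot before the suffix
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{'OK  ' if is_trusted(u) else 'FAKE'}  {link_host(u):28}  {u}")
```

The rightmost labels of the host decide who owns it, which is why twitter.access-logins.com belongs to access-logins.com and not to Twitter.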
There are many other ways to stay safe that I will go through in a future class at www.Wahol.com (classes are free to join), but for now, please spread the word and tell your friends not to fall for this one. So far this is the biggest attack on Twitter, so mark this bad hour down in your history books!
If you have any safety questions, just ask in the comment area below 🙂
UPDATE: Twitter operators are now aware of this issue and have posted a warning all over the site with a link to the status page here: http://status.twitter.com/post/68196572/dont-click-that-link
The status link said:
Don’t Click That Link! 56 minutes ago
Twitter Engineering and Operations are on the case but if you receive a
Direct Message with a blogspot.com link in it that redirects to what seems
like Twitter.com do not enter your Twitter credentials. If you look at
the URL, you’ll notice that it is not really Twitter but twitter.access-logins.com—a sketchy phishing site.