There are lots of scams on the Internet and I’m usually pretty good at catching them right away. This one, however, was a little trickier and I wanted to take a minute to spread the word about it so that you don’t fall prey.
I received an e-mail notifying me that I had received a Twitter direct message (through Twitter’s user-to-user messaging system).
A crazy Tweet about ME?! It sounded scandalous! I immediately clicked through the link in the notification to see what the ruckus could be. But wait…
OK, now I was starting to get a little suspicious. I don’t normally stay logged into my Twitter account, but I’ve never had to sign in to view a Tweet. A little bit of a closer look revealed this:
Sure enough, the URL was “tvviiter.com” — a common “phishing” scam where the bad guys try to trick you into entering your username and password into an otherwise authentic-looking login screen.
So what happened here? Most likely, the victim who sent me the direct message in this case clicked on a similar link at some point and had their username and password stolen. The scammers then logged into their account, Tweeted out a spam message to the person’s followers offering whatever male enhancement product of the day, and then tried to trick more folks into giving their info by sending out direct messages through the victim’s account.
Unfortunately, unlike most “phishing” scams that are obvious forgeries, these appear to the recipient as legitimate Twitter direct messages. The key tip-off, however, is the fact that the login URL is not “twitter.com” but a spoofed misspelling of the domain name.
The moral of this story… make sure you know “where you are” when you enter your username and password! A hacked Twitter account is a lot less of a big deal than a hacked bank account.