Tsk, tsk, people. Have we not learned anything from past phishing attacks?
How the Scam Works
Similar to previous scams, it all starts with an intriguing direct message:
Did you see this pic of you? lol [SHORT LINK]
The embedded short link leads to a phishing page that could pass for a legitimate Twitter page asking us to verify our account password – IF we never bothered to look at the URL in our browser’s web address bar:
Of course, any information entered into the above form would be sent off to the scammer, and the victim would be left questioning what just happened after being redirected to a (fake) 404 page:
After a few seconds, you’ll be redirected to the real Twitter website:
At some point the attackers will hijack your Twitter account to spam your followers with the same DM that tricked you in hopes of expanding their list of victims.
Don’t Fall for This Scam!
Now that you know how this phishing scam works, here are a few ways you can protect yourself in the future:
- Do not follow short links without expanding them first. You can use a free service like longurl.org to check the true destination before following a link.
- Be cautious of links that go to a page asking you to log in. You were logged in just a second ago, so why do you suddenly need to log in again?
- Always check the URL in your browser’s web address bar before entering any sensitive information. Scammers can fake the look and feel of a website, but the URL does not lie.
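The address-bar check from the last tip can also be done programmatically on an expanded link. The following is an added example, not part of the original post: it extracts the host a browser would really contact and accepts it only if it is the trusted domain or a subdomain of it. The trusted-domain list and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain we accept as the real site.
TRUSTED_DOMAINS = ("twitter.com",)


def real_host(url):
    """Return the host a browser would actually contact, or None if unparsable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname is lower-cased and excludes any "user@" prefix and the port.
    return parts.hostname.rstrip(".")


def is_trusted(url):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = real_host(url)
    if host is None:
        return False
    # Require a dot boundary so "nottwitter.com" does not match "twitter.com".
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


# Constructed sample URLs (expanded destinations), not taken from the scam itself.
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session",
    "https://twitter.com.verify-account.example/login",  # trusted name as a subdomain
    "https://twitter.com@login.example/verify",          # trusted name as fake userinfo
    "https://nottwitter.com/login",                       # suffix match without a dot
    "https://twltter.example/login",                      # look-alike spelling
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "ok" if is_trusted(url) else "DO NOT ENTER PASSWORD"
        print(f"{verdict:22} {real_host(url)}  <- {url}")
```

Only the first two samples pass. The rest show the trusted name appearing somewhere in the URL without being the host the browser connects to.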
What to Do with Twitter Phishing Scam DMs
If you happen to receive one of these phishing messages, it is recommended that you:
- Avoid clicking on any embedded links.
- Report the DM to Twitter.
- Let the sender know that their account has been compromised and advise them to change their Twitter password.
- Delete the DM immediately.
- Warn your fellow Twitter users!
Have you seen this scam yet?