If you believe everything you read on Twitter, you might be under the impression that you need to sign some sort of online petition in order to keep using the micro-blogging service for free. Well, that idea isn't exactly true — and it could lure you into a password phishing scam.
The folks at Sophos report that the latest Twitter-based scam is luring users into handing over their login information by tricking them into following a malicious link.
Here's how the whole thing goes down:
1. A Twitter user sees a tweet along the lines of "Twitter might start to charge in October, sign this petition to keep the service free! [URL redacted]"
2. The user clicks the link — a short URL which disguises the evil nature of the link.
3. A site which looks very much like the real Twitter login page appears and the user sees a message that his or her session has expired.
4. The user logs into the fake Twitter site and thereby hands over his or her username and password to some bad guy.

It's so simple that it's almost silly, no? But a lot of people are still falling for the scam.
What can you do if you happen to be one of those individuals who happened to follow the malicious link without thinking twice? Change your Twitter password immediately — and revoke all applications' access to your account. (You can reauthorize the legit ones individually afterwards.)
Rosa Golijan writes about tech here and there. She's obsessed with Twitter and loves to be liked on Facebook. Oh, and she can be found on Google+, too.