Twitter attack affects thousands of users
The microblogging site has been hit by a second phishing attack in a week
Twitter users have been warned not to click links in some tweets, after the microblogging service fell victim to its second phishing attack in a week.
Cyber criminals are using the service to trick people into giving away their username and password for the site. Users have been receiving direct messages from friends on the site which contain a shortened link.
When users click on that link, they are directed to a malicious website, which looks just like the Twitter home page, where they are prompted to enter their login details.
As soon as they hit enter, the malicious message is sent to everyone on their Twitter friends list, helping the scam to spread across the internet.
Security experts fear that cyber criminals could use this login information to hack into other accounts, or gain remote access to a computer.
Earlier this week, some Twitter users were receiving direct messages that said: "This you????" and contained a link. Now another phishing message, reading "hi, i'm 24/female/horny ... i have to get off here but message me on my windows live messenger name", is also spreading across the service.
"It's bad enough if hackers gain control of your Twitter account, but if you also use that same password on other websites – and our research shows that 33pc of people do that all the time – then they could access your Gmail, Hotmail, Facebook, eBay and PayPal accounts too," said Graham Cluley, a security expert with Sophos.
"Our advice is to be cautious about the links you click on, choose a strong password, and, if you find that you're spreading suspicious messages from your Twitter account, change your passwords immediately.
"You should also check the Settings/Connections area of your Twitter account. If there are any third-party applications you don't recognise listed there, revoke their permission to access your account."
Cluley said that the spate of phishing attacks against Twitter could put some people off using the service.
"These attacks are becoming quite an issue, and if they continue at their current rate one has to wonder how many Twitter users will become so fed up that they'll close their account, up-sticks and move elsewhere," he said.
Twitter said that it was aware of the problem, and was working hard to secure the site against similar future attacks.
"Over the past few days, we’ve seen an increase in phishing attempts and are working on resetting passwords for accounts that were affected," said the company on its blog.
"If you receive a direct message or see a message with a phrase like “This you? ” or “LOL is this you” followed by a link, please do not click through; there’s a phishing site on the other side.
"While simply receiving this message does not mean your account is compromised, if you do click through and enter your username and password, you’ll want to change your password. If you’ve received this type of spam from a friend, you may want to alert them to change their password."