Twitter in Phishing Scam

Filed as News on January 5, 2009 4:28 am

Twitter is being used in a phishing scam to obtain your login credentials: a fake login site under a different domain tries to trick you into filling in your username and password. The phishers are using direct messages to do this, and supposedly use tricked accounts to widen their scam. Read the Twitter blog post for more.

Always make sure that you sign in on! That way you’ll know that you’re not sending your login credentials through an unknown party. You might even want to take it one step further and just not click any links in the notification emails that tell you you’ve got a DM. Just go to instead, and click the DM link in the right column and you’ll be in the clear.


  1. By Michael Leung posted on January 5, 2009 at 5:34 am

    That’s old news. Twitter neutralized the threat over the weekend!


  2. By Thord Daniel Hedengren posted on January 5, 2009 at 5:54 am

    While they might neutralize one particular source URL (the one screenshotted in their blog post, presumably), there is nothing stopping phishers using another one. That is, until Twitter notices it and blocks that URL too. It will be an on-going battle with the bad guys, and it will never be old news because of that. ;)

    You don’t neutralize threats like this, you temporarily block them. That’s the flipside on having an API.


  3. By Twitter Phishing Scams posted on August 15, 2009 at 5:15 am

    It looks as though this particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email said, “hey! check out this funny blog about you…” and then provided a link. That link redirected to a site masquerading as the Twitter front page.

