GRRRRREATTTTT. I’ve managed to keep my eyes peeled for scammers pretty well up to this point, but I was really busy and tired yesterday, and wasn’t paying much attention to what I was doing.
Yesterday, I received an email from Twitter (sheesh, I get about 20 a DAY) from a follower. The message was this:
You can see the link looks suspicious: twitter.secure.bzpharma.net/login. Uh HUH. I didn’t notice it at first glance, though.
At first I was like, “Oh great, NOW what are people slandering me for??” My memory is kind of fuzzy here- I don’t *think* I clicked the link in the email. Maybe I did. I can’t remember if I actually signed in to my Twitter account. I hope I didn’t. I did a search on the link in that email, and this is what I found at Mashable, it’s a new Twitter phishing attack:
A Twitter phishing attack is spreading rapidly today, attempting to obtain Twitter logins via Direct Messages. If you receive a message reading “lol, is this you”, and linking to a site called “bzpharma”, do not click the link.
Users who do click that link and enter their details are inadvertently letting spammers take over their accounts, which are then used to spam the same Direct Message to all their friends.
If you’re receiving these messages, your account is not compromised, but if you find you’re sending them, make sure to change your Twitter (Twitter) password immediately.
The IT security firm Sophos released this video regarding the attack:
If you think your Twitter account has been compromised, CHANGE YOUR PASSWORD IMMEDIATELY! I have already received obscene spam from two of my Twitter followers, so their accounts are compromised.
The crappy thing about this is that, while Twitter knew of the phishing scam and attacks, and publicly warned people, they never send out emails to Twitter users… I don’t see why? I mean, if there’s an attack on the site, wouldn’t it be good to email everyone to tell them? I like Twitter and I like tech news, but I don’t wait breathlessly by the Twitter news feed to check for new scams every day.
As a policy, it is best to NEVER NEVER NEVER click on any link in an email anymore, ESPECIALLY if you have to sign in with a username and password. Just never do it, never. Better to be safe than sorry.
As for me, I did click the link in the email. I don’t *think* I signed in to Twitter, though. Instead, I looked up the link- the “pharma” word in it made it suspicious. But as a precaution, I changed my password right away.
Life is never dull, and exciting things just seem to always happen to me... why me... when I'm not running around the house fixing things, I'm a freelance writer for national media outlets like USAToday.com, Salon.com, and others. I've even been interviewed by TIME and The Wall Street Journal about blogging. Can you believe it?! Here is where I express my zany, creative, motherly side. 
February 22, 2010 at 11:31 am
You must have been out of it, that doesn’t sound like you at all.
They tried this on Facebook too. Fortunately I got the email from someone who I don’t interact a lot with on Facebook.
February 22, 2010 at 9:48 pm
people are so lame!
February 22, 2010 at 11:42 pm
Yeah, Lisa, I’m pretty tired lately. Usually I try to be “on the ball.” I don’t think I signed in… what’s weird is that I didn’t remember!!
Meg- DITTO, baby! I wish some folks would GET A REAL JOB or something!
February 23, 2010 at 5:39 am
Yup, that’s how my Twitter account got hacked. I should have known better to than to bother with that one but I went ahead and clicked on the link and the next day I got messages from some of my blogger friend followers informing me they got an offensive direct message from me-YIKES! I was flaberghasted and changed my Twitter password immediately (even though I was at work by then)! What a sinking feeling! I’m going to share about my experience too with this and include a link back to you here.
Also, thanks SO much for your help with getting my Firefox browser to open again!
February 24, 2010 at 7:09 pm
Now Becs, you know twitter don’t tweet.. ironic huh ?
when I wrote about it over the weekend I thought the same thing and then it hit me, when did I subscribe to twitter itself ? welllllllllll.. okayy.
February 24, 2010 at 7:10 pm
hey girly where’s my link !!!!!