Phishing campaign uses a direct message and a fake Twitter login page to pilfer credentials.
Twitter issued a spam warning via a Twitter message telling users not to click on a direct message that sends users to a Twitter login page. The Twitter warning said the login page is a fake and attempts to steal login and password credentials. Once a victim types in their credentials, a fake Twitter fail-whale over capacity message is displayed.
Sophos security expert Graham Cluley blogged about the Twitter phishing attempts on Wednesday, describing the fake Twitter message. calling on users of the social network to change their passwords regularly.
So, what should you do if you fell for one of these phishing messages and handed over your Twitter login details to the bad guys? You should consider yourself now hacked, and must change your Twitter password *immediately* before your account is abused by hackers.