Phishing spam on Twitter

Dear Twitter,

You have done an incredible job of responding to a massive influx of new users, especially over the last 8 months.  With growth reaching 1400% month over month, the need to react and support quickly has been critical, and for the most part I would say you have done so better than just about anybody else has that has seen such rapid growth on their platforms.   With the recent roll out of Twitter lists you have also added value to the community by providing a tool that people can use to pull some signal out of all of the noise.  Many are finding the lists as the place to discover and follow new people.  Thank you for all of your work.

A new phenomenon has bubbled up from the user community, and it’s something that I would like you to take quick and decisive action on.  Phishing scams have torn through Twitter on an almost daily basis for the last several weeks, with unsuspecting users clicking links and turning over their credentials.  The results have been painful to deal with…I’m receiving dozens, and sometimes hundreds,of direct messages from real people (not bots) every single day with messages like, “hey. do this iq quiz for me http://quiz6545.info” and “i found y0u http://videos.twitter.shjjiwe.com/?vpgdzxiaq”. This is phishing that is perpetuating too rapidly and it’s starting to ruin the communication platform for me. Here is what needs to happen to fix this…

Another day, another phishing or malware scam on Twitter. It seems like these are happening entirely too often, and the reason is that people continue to ignore common sense. Very, very rarely will a site hijack an account of some type without getting input from the account holder. The scam du jour is a Twitter hijack attempt that asks for a username and password, and once received will not only DM your followers with a message, but will also post it publicly on your account. The message will appear as one of the following, or a close variant:

• hah, i think i seen u on here http://videos.dskjkiuw.com/
• this you? http://videos.dskjkiuw.com/
• lol this vid is funny. http://videos.dskjkiuw.com/
• haha check out this vid http://videos.dskjkiuw.com/

DO NOT FOLLOW THESE LINKS AND GIVE YOUR LOGIN INFORMATION!!! This page will take your Twitter login credentials and hijack your account.  As of right now it appears to only try to propagate itself by getting others to log in, but it could use your account for other reasons.  If you did receive this and you did “log in”, you must CHANGE YOUR PASSWORD IMMEDIATELY!!!

Earlier today I received a private message on Facebook from a personal friend of mine asking me to “Check 151.im”.  Knowing her and knowing the type of message, I immediately recognized it as a phishing scheme…that is, an attempt for me to voluntarily hand over personal information to a site that I think is something I regularly use.  Very often phishing schemes involve bank information, but in this case the website in question looks like the login page for Facebook.  Understand that it is not Facebook, it is an attempt to get your username and password!