Just a few days after writing an article on how to avoid phishing and spoofing scams, it was with precision timing that we were the target of a phishing attempt on Twitter. Always grateful for extra blog material :)
A Twitter Phishing Expedition
The benefit of shortened links is they are short, the downside is they mask the destination website address, so are ideal for phishing scams. Visiting the page through the mobile Twitter app won't automatically show you the destination website address, so it's easy to understand why some people may be tricked into entering their details while on the move.
Spoofed website
The link takes you to what looks like the Twitter website, where you're told that your session has timed out and you need to enter your username and password to sign in.
As discussed in our recent blog article, be wary of any site which asks you to fill in login details after clicking a link. At first glance the site may look okay, but take a closer look at the website address:
Anyone who enters their details into the fields and clicks 'Sign in' will have their username and password captured and then be forwarded and logged into the legitimate twitter.com site, so they may not be aware that it's happened. The account that sent us the message was most-likely an earlier victim of the scam.
What to do if you've been caught out and entered your details
You should visit the legitimate Twitter website immediately and if you can still access your account, change your password, and if you've used that same password on other sites you need to change it on those too. If you can't access your account visit the Twitter Compromised Accounts help page. You should also report the phishing site to Twitter.
It always pays to be suspicious of unsolicited messages or emails which ask you to sign into or verify accounts. Making yourself aware of phishing and spoofing methods will make these scams much more obvious to you and reduce the chances of ever being affected.
Further Reading
Related Articles
My1Login Wins Best Identity Management Solution 2022
My1Login wins Best Identity Management Solution at the SC Awards Europe 2022!Join My1Login at DTX Manchester
My1Login will be exhibiting at DTX Manchester on 27th and 28th April 2022. Also at the event, one of our customers, Liam Mahon, Director of Digital & Innovation...
