Apologies, but early this morning I received a direct message (DM) from Twitter with the following text.
Bad blog going around about you, have you read it yet? then a short url link
It turns out that I was being phished for my Twitter account details. I got my password right for a change and next thing I knew I’d sent the message on to all my followers. Sorry about that! Sequence of events is:
- You receive the “Bad blog…” message from someone who’s following you on Twitter
- You click on the link to see what is being said
- You get taken to what you think is a Twitter timed out session page.
- Unquestioningly you attempt to log in to your Twitter acount
- There is no bad blog… but the damage is done. You have just given your userid and password to a phishing site called twittelr.com
- The phishers then log in to your Twitter account and send out the Bad blog message to your followers
- Go to 1.
That’s the bit I know about. They don’t change your password… so if you’ve been phished you’d better do so. I don’t know what else gets taken from your Twitter profile.
Step 5a. You can’t find the bad blog against the first twitter account you logged in as so you try another account! What a dinlo.
Apparently there were more steps. If you had not changed your password then a few hours later something else happened and a this time it was a bit nastier. The Twitter queen knows more.
Regarding password changes. Once the birds at Twitter land caught up with the problem they very nicely went to the phished accounts, reset the passwords and sent an email to you. For those of us who go to Twitter before reading our emails this made it doubly interesting. Maybe one day they’ll add a spam filter to prevent messages with certain text content from being sent.