Apologies, but early this morning I received a direct message (DM) from Twitter with the following text.
“Bad blog going around about you, have you read it yet?” then a short URL link
It turns out that I was being phished for my Twitter account details. I got my password right for a change and next thing I knew I’d sent the message on to all my followers. Sorry about that! The sequence of events is:
1. You receive the “Bad blog…” message from someone who’s following you on Twitter
2. You click on the link to see what is being said
3. You get taken to what you think is a Twitter timed out session page.
4. Unquestioningly you attempt to log in to your Twitter account
5. There is no bad blog… but the damage is done. You have just given your userid and password to a phishing site called twittelr.com
6. The phishers then log in to your Twitter account and send out the Bad blog message to your followers
7. Go to 1.
That’s the bit I know about. They don’t change your password… so if you’ve been phished you’d better do so. I don’t know what else gets taken from your Twitter profile.
Step 5a. You can’t find the bad blog against the first Twitter account you logged in as, so you try another account! What a dinlo.
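
The fake login page in this story sat on twittelr.com, one inserted letter away from twitter.com. The following check, an added example that is not part of the original post, flags a landing URL (after the short link has been expanded) whose host is a near-miss of a trusted login domain. The trusted list, the distance threshold and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hosts you really log in on. Only twitter.com comes from the post.
TRUSTED = {"twitter.com"}


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "twtiter" for "twitter"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify_login_url(url, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for the page asking for a password."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Naive registrable domain (last two labels); real code should use the
    # Public Suffix List so that names under e.g. co.uk are handled correctly.
    registrable = ".".join(host.split(".")[-2:])
    for t in TRUSTED:
        if 0 < edit_distance(registrable, t) <= max_distance:
            return "lookalike"      # twittelr.com style near-miss
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return "lookalike"      # trusted name used as a subdomain prefix
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs; only the host twittelr.com is from the post.
    for u in ("http://twittelr.com/login",
              "https://twitter.com/login",
              "http://twitter.com.session.example/x",
              "https://example.org/"):
        print(classify_login_url(u), u)
```

An "unknown" verdict only means the host is not a near-miss of the trusted list; a password prompt on any host other than a trusted one still deserves a second look.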