Beware: Twitter and Facebook Phishing scam

The internet is all a twitter with talks about the latest phishing scam to hit popular sites like Facebook and Twitter. 

Twitter’s Get Satisfaction forum (their help pages) are quickly being filled with users pleading for help, saying they were recently phished. 

Twitter has quickly jumped on the alert bandwagon, posting a message above Twitter feeds on the actual site Twitter.com reading:

However, their main blog, as of 5:50pm  PT on January 3rd remained free of any additional information, but their status blog did have a brief update. In addition to this, users who don’t access Twitter through Twitter.com and instead use popular third party sites like tweetdeck or through their iphone might not see the message and instead, must rely on their friends to retweet the warning.

CNET reports that the phishing scam mimics the recent Facebook Koobface virus:

 Direct messages (DMs) are showing up in Twitter accounts with appealing come-ons to visit a site on blogspot.com. The text is, “hey! check out this funny blog about you…” The URL in the message then redirects to a page that looks like the Twitter login page, but is actually not on Twitter–it’s a site, twitter.access-logins.com, that masquerades as Twitter to steal your login credentials instead.

Recent reports also note that Facebook is also being spoofed in a similar login manner, so user’s best bet is to check their URL for authenticity before clicking on any links in DMs. If it isn’t a pure Twitter.com URL, don’t provide your login credentials.

As far as the “Tweet alert system” goes, I’d say this would make a great case for Twitter to strong-arm their users and pull a MySpace– compelling users to receive messages or Tweets from “Tom” — aka Evan Williams in Twitter’s case, anytime there’s a potential security threat. This would surely assuage many users who are “frantic” with the sheer thought of identity theft.