Sophos Labs: Twitter users are being hit today by messages claiming to link to a new app from Twitter which will track your stalkers.
However, the messages are really designed to steal your Twitter usernames and passwords.
Here’s a typical message that users are seeing:
Twitter finally released an app that tracks your “Stalkers” get it here [LINK]
If you click on the link you are taken to what appears to be a legitimate Twitter page, asking you to confirm your username and password before the “Stalkers” app can access your account.
However, if you look at your browser’s URL you will see that the page is not hosted by Twitter at all.
If you make the mistake of entering your username and password then you will handing over the keys to your account to phishers, who would then be able to use your account to read your private messages, send messages (perhaps spam-related or containing malicious links) to your followers.
Worst of all, if you’re one of those people who uses the same password as you use elsewhere on the internet – you’ve now told the cybercriminals how to access, say, your Gmail, Hotmail or PayPal accounts as well.
If you found your Twitter account was one of those sending out the phishing messages, or if you made the mistake of entering your username and password, then you must change your password as soon as possible.
Not just on Twitter, but also make sure you’re not using the same password anywhere else on the net.
And remember, it’s important that you don’t use a word from the dictionary as your password. It’s easy to understand why computer users pick dictionary words as they’re much easier to remember, but as I explain in this link a good trick is to pick a sentence and just use the first letter of every word to make up your password.
You can always use password management software such as KeePass or 1Password to remember complex passwords if you find it too difficult.
There’s some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in “Account Settings”, and revoke access for any third-party application that you don’t recognise.
Follow me on Twitter at @OmidFarhangEn if you want to keep up-to-speed with the latest threats, and learn how to protect yourself.