A shortened URL leads to a convincing Twitter login page. Twishing also spreads to Facebook.
The latest attempt to grab user names and passwords from Twitter users has been spreading rapidly on Twitter and Facebook. The phony direct message: “This you????” is followed by a shortened URL that leads to a pretty convincing Twitter login page. The malicious URL is also spreading on Facebook, where some users have linked their Twitter accounts.
This tactic has been used time and time again and is successful because it comes from a person being followed and trust on some level. A similar “This you” phishing campaign first surfaced last September. The domain name uses the same email address used in the previous campaign: email@example.com The domain is registered in Shang Hai. In addition, the URL also sends people to a phony Bebo social networking page.
Graham Cluley of Sophos posted a video demonstration of the This you??? phishing attack.
If you suspect any of your Twitter accounts have been compromised, change your passwords immediately.