Twitter users are reporting a new attempt to extract their usernames and passwords — a Direct Message attack that asks “You’re on here?” with a link. Others report DMs linking to a site called “mhansenhome” with the message “’someone posted on their blog about you”.
The advice is straightforward: if you get such a message on Twitter, DO NOT click the link or enter your login details on the landing page. If you find you’re sending out these DMs to friends, change your Twitter password.
Twitter recently took steps to combat phishing by introducing its Twt.tl URL shortener — links sent via DM now appear as “‘twt.tl” links in your email notifications, allowing Twitter to re-route malicious links to a warning page in some cases.
Reviews: Twitter
