Gone Phishing

There is a Twitter phishing scam going around at the moment that I’m unhappy to say I fell right into.  This quick post is just a warning to anyone who reads it to hopefully help them not do the same thing.

I’d been off the grid for a few days so I hadn’t heard the news about this scam, but it’s been floating through the Interwebs for 2 days apparently. It did strike me as odd when I clicked on it that I had to log back in to Twitter, but I’d been playing with different browsers so the fact that it was asking me for a password didn’t seem all that unusual. Of course, I should have taken more notice of the URL that was in the address bar, but I was too late.

I got a direct tweet from John Pearce that said…
“fixed it.. hehe here is that blog i wanted to show you http://twitterblogs.access-logins.com/login” 

I know John. I trust John. So I clicked it. It asked for a password, which, as I mentioned, was not unusual considering I was trying a new browser (so the password wouldn’t have been already saved in it). I realised what I’d done almost immediately, but by that stage it was already too late. Bugger!

Since then I’ve had a steady stream of people informing me that my Twitter has been compromised and I’ve now updated the password. Thanks for the heads up, folks. It’s all fixed now. And judging by the talk on Twitter, I’m not the only one to fall for this scam.

What I found interesting is how easily we can be tricked when there is an element of trust involved.  I’m normally pretty vigilant about suspicious files and links, but I didn’t really question the offending tweet, since I trust John Pearce.  It goes to show the sort of damage that can be inflicted when the troublemakers are able to bring phishing down to a really personal level.