Avoid the Twitter Direct Message DM Phishing Attack – Don’t Click or Enter Passwords

Twitter is experiencing a Direct Message phishing attack. People are falling for fake Direct Messages that carry an innocuous-looking “LOL – is this you?” or “LOL – This is funny” and a link to a fake site. The links point to equally innocuous-looking websites, with a query string appended which is the real link. As you can see from the email image below, the link, although it looks like Twitter, actually goes to a site called “BZPharma.net”.


If you’re using high security settings in your browser with phishing warnings in place, like the one you see below in the Safari browser, heed the warning and close the window.

bzpharma.net phishing direct message scam on twitter


It’s a bit disconcerting that people are so quick to believe that the direct messages they get are real. If phishing happens to you and you’ve entered your password, it’s imperative that you immediately return to your Twitter account by typing the address into the browser address bar, so that you know where you’ve navigated to, and then change your password.

If you find that your account is sending these DMs, your account has been compromised, and you need to stop the messages from going out by changing your password quickly.
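The lookalike link described above can be caught by checking which host a link really resolves to instead of trusting how it reads. The sketch below is an added example, not code from the original post. It assumes `twitter.com` is the only genuine host, and the sample URLs are constructed around the domain named in this post.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only host family treated as genuine.
TRUSTED_DOMAINS = ("twitter.com",)
BRAND = "twitter"


def check_link(url):
    """Classify a link from a DM or email as trusted, lookalike or untrusted."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "untrusted", ["URL could not be parsed"]
    if parts.scheme not in ("http", "https") or not host:
        return "untrusted", ["not an http(s) link with a host"]

    # The host the browser will contact is what matters, not the visible text.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted", []

    # Host is not Twitter: report every place the brand name is used as bait.
    spots = {
        "host": host,                      # e.g. twitter.com.<other-site>
        "userinfo": parts.username or "",  # e.g. twitter.com@<other-site>
        "path": parts.path,
        "query": parts.query,              # brand appended as a query string
    }
    reasons = [
        f"'{BRAND}' appears in the {where}, but the real host is {host}"
        for where, value in spots.items()
        if BRAND in value.lower()
    ]
    return ("lookalike" if reasons else "untrusted"), reasons


# Constructed sample links (not the actual URLs from the attack).
SAMPLES = [
    "https://twitter.com/login",
    "http://twitter.com.bzpharma.net/login",
    "http://bzpharma.net/?twitter.com/login",
    "http://twitter.com@bzpharma.net/",
    "http://bzpharma.net/offer",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```
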
