From time to time, I get scammy tweets from random people that I follow. The latest Twitter scam that I've gotten is actually a really good use of social engineering. It preys on people's natural inclination to find out what others are saying about them, especially the way that it's phrased:
Following the link, you get to a website that looks like this:
If you're not paying attention to the URL (look where the arrow is pointing), this can easily fool an inattentive user, since the page looks just like the real Twitter login page.
I can see how a lot of people would just enter their credentials thinking they are signing in to twitter.
The insidiousness of this scam lies in the fact that a lot of people use the same email address and the same password for multiple sites. So once you provide your login credentials to these scammers, you've potentially compromised all of your online accounts, especially if they all use the same password.
The moral of the story: don't click on links that say things like "someone's started a bad blog about you" or "You should really see this!" or any other variation of these phrases, even if it comes from someone that you know.
The other thing is to always, always, always check the URL of any page that asks for your login credentials, to make sure that you're logging into the website that you think you're logging into.
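Checking the URL means checking the host part of it, not just looking for the site's name somewhere in the address bar. The following added example (my own illustration, not code from the original post) parses a URL the way a browser does and accepts it only when the host is the expected domain or a subdomain of it and the scheme is HTTPS. The sample URLs are constructed for this example; the three look-alikes show the expected name placed in a subdomain, in the path, and in the userinfo before an @, none of which makes the real host the one you expect.

```python
from urllib.parse import urlsplit

# Constructed sample URLs (not from the post) illustrating how a phishing page
# can put the expected site name somewhere other than the host. Only the first
# one actually points at the expected domain.
SAMPLE_URLS = [
    "https://twitter.com/login",
    "https://twitter.com.example.net/login",   # expected name as a subdomain of another host
    "https://example.net/twitter.com/login",   # expected name only in the path
    "https://twitter.com@example.net/login",   # userinfo trick: the real host is after the @
    "twitter.com/login",                       # no scheme: parses as a path, not a host
]


def login_host_matches(url: str, expected_domain: str = "twitter.com") -> bool:
    """Return True only if the URL's host is expected_domain or a subdomain of it.

    The scheme must be https, so that credentials are not sent in clear text.
    urlsplit().hostname is already lowercased and has userinfo and port removed,
    which is exactly the part of the address a browser connects to.
    """
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme != "https" or not host:
        return False
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def classify(urls=SAMPLE_URLS, expected_domain: str = "twitter.com") -> dict:
    """Map each URL to whether its host matches the expected login domain."""
    return {u: login_host_matches(u, expected_domain) for u in urls}


if __name__ == "__main__":
    for url, ok in classify().items():
        print(("OK   " if ok else "WARN ") + url)
```

The check is deliberately on the parsed hostname rather than a substring search over the whole URL: a substring match would accept every one of the look-alikes above, while the hostname comparison accepts only the genuine domain and its subdomains.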