As many as 13,000 Twitter users have been affected by a new “worm-like” phishing attack that feeds on some members’ desire to gain more followers. The scam dupes users into forking over their account names and passwords using a Web site called “Twittercut.”
Twitter users may see the following tweet in their stream:
When they click on the link, they are redirected to a fraudulent Twitter Web site that asks them for their account name and password. Once the needed login details are entered, the site sends similar messages to all of the affected users’ followers, along with links to a paid dating service.
The messages are said to have started from an account called @twittercut, which had been disabled. But then the tweets continued to come, this time from a new account called @tweetcut. The latter is now also inoperative.
“According to several social network blog sites, TwitterCut has been the bud of several rumors,” the people behind TwitterCut said in a message on their site. “Our website and its programmers can assure you that these rumors are not true and that TwitterCut is simply a Twitter train that was a work in progress!”
Twitter acknowledged the problem with a post on its status page Tuesday night. “We are currently pushing a password reset on accounts we believe may have been caught in a phishing scam,” said the company. “Please exercise your best judgement when thinking about releasing your username and password to third parties.”