Do you always stop to check the URL when logging in to a reputable site, such as Twitter? Luckily it’s second nature to me to do so, but I wonder how many don’t.
I have received a couple of Direct Message notifation emails saying “People have been saying bad things about you” in the title on one of my niche Twitter accounts. As it’s a brand new niche and I have only divulged my first name, I doubt anyone knows who I even am on that account, so I find it hard to believe anyone could have done so. But I do knowthat sort of email title is a known spam strategy to get people to open emails, so I thought I’d check it out.
But it was worse than spam. It led to a phishing login that looked exactly like Twitter, but the URL said otherwise. The page said it had timed out and that you need to login again. Any site that is not Twitter is only after your login details so they can hack your account and send spam tweets under your name, and therefore eliminate the risk of having their own accounts closed. Twitter already knows about this as they blogged about it in January. I still sent them an email with the usernames and phishing URLs.
Of course people will report them, so the accounts they use to send people to the phishing page will only be temporary but they will no doubt collect thousands of usernames and passwords before that happens.
I mean can you imagine your typical teenager who is obsessed about what others think of them, stopping to check the URL before logging in to find out what others have been saying about them? A lot of them are not going to hesitate. It might not be necessary to warn other internet marketers, but still it’s useful to know that it is going on. And marketers do use Twitter a lot.
