Twitter “wrong credential combination” phishing scheme

If you have followed a link in a Twitter message from a contact that says “You have to be the first to see these new pictures!! LINK” and entered your username and password when asked, chances are your Twitter account has been compromised.

The link takes the victims to a phishing page that tries to trick them into believing that they have somehow entered the wrong credential combination.

If they enter their correct credentials, the page snatches them and the same message they fell for gets sent to all of their contacts.

As Sunbelt researchers have discovered, the phishing page doesn’t discriminate – it will snatch even wrong username (email)/password combinations, and will then redirect you to the Twitter log-in page. And this is where you can be sure that the page is a fake – if it wasn’t, it would return an error notification because you entered the wrong combination.

There are also other indications that there is something “phishy” going on:

Your browser will probably ask you to remember the password since you handed it over to a new site, and there is the Twitter “sign in” button that should not be there if you had actually logged in.

If you have fallen for the scheme, this is the best time to go and reset your Twitter password. And remember not to follow links in similar messages in the future.
