Direct Messages saying “You look like you lost weight in this video” are the latest approach used by cyber crooks to harvest Twitter login credentials, warns Twitter.
The messages are sent from already compromised accounts, and contain a link that supposedly shows the video, but in lands user on a well-crafted bogus Twitter login page.
Sophos points out that a closer look at the page’s URL will reveal the scam to the more alert targets:
But, there are always users who can be taken in by the flattery and get undone by their own curiosity.
Luckily, Twitter has already begun resetting password for the compromised accounts. But if you’re one of the user who has fallen for this scam and you use the same password for other online accounts, be sure to change it on them, too.