Some Twitter phishers prefer to scare or worry their targets into clicking on the offered link, others put their money on pure, unadulterated curiosity.
The latest phishing campaign to target the users of the popular microblogging service falls into the latter category as, according to Sophos, the direct messages received by the potential victim contain the following text:
so i googled your name and found some really funny stuff about you lol its archived here [LINK]
The message is sent from a compromised account belonging to the target’s circle of followers, lending it at least a hint of legitimacy and raising the chances of the link being followed.
As expected, the link takes the user to a rather legitimate-looking – but fake – Twitter login page. Careful users will check the URL in the address bar, find that it isn’t situated on the twitter.com domain (but, as in this case, on itwitter.com) and close the page without giving up their login credentials.
Unfortunately, there are a lot of users who aren’t that careful or simply don’t know what to look for when assessing a page’s legitimacy.
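The address-bar check described above can be automated on the defender's side, for instance in a tool that scans links in incoming direct messages before a user follows them. The following Python snippet is an added example, not code from the article or from Sophos; the allowlist of legitimate domains and the sample URLs (including the itwitter.com lookalike from the campaign) are constructed for illustration. It compares the URL's hostname against the genuine domain rather than looking for the string "twitter.com" anywhere in the link, which is what makes lookalikes such as itwitter.com, or the real name placed in a subdomain or in the userinfo part of the URL, fail the check.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains that legitimately host the login page
# (constructed for this example; a real deployment would maintain its own).
LEGIT_DOMAINS = {"twitter.com"}


def is_legit_login_url(url: str, legit_domains=LEGIT_DOMAINS) -> bool:
    """Return True only if the URL's hostname is one of the legitimate domains
    or a subdomain of one.

    A substring test ("twitter.com" in url) would pass every lookalike below;
    matching on the parsed hostname with an exact-or-subdomain rule does not.
    """
    parts = urlsplit(url.strip())
    # Login pages should be served over TLS; plain http is treated as suspect.
    if parts.scheme != "https":
        return False
    # urlsplit().hostname drops port and userinfo and lowercases the host, so
    # "https://twitter.com@example-phish.test/" yields "example-phish.test".
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False
    for domain in legit_domains:
        if host == domain or host.endswith("." + domain):
            return True
    return False


def classify(urls):
    """Map each URL to its verdict; handy for scanning a batch of DM links."""
    return {u: is_legit_login_url(u) for u in urls}


# Constructed sample links: one genuine, one genuine subdomain, and four
# variants of the lookalike trick (prefix character as in itwitter.com,
# real name as a subdomain, real name in userinfo, and a non-https page).
SAMPLE_URLS = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/login",
    "https://itwitter.com/login",
    "https://twitter.com.example-phish.test/login",
    "https://twitter.com@example-phish.test/login",
    "http://twitter.com/login",
]

if __name__ == "__main__":
    for url, verdict in classify(SAMPLE_URLS).items():
        print("OK  " if verdict else "FAKE", url)
```

The rule is deliberately strict: anything that is not https on the allowlisted domain or one of its subdomains is flagged, which is the same decision a careful user makes by reading the address bar, applied consistently to every link.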