We are receiving an increasing number of reports of a type of phishing on Twitter that can potentially dupe even the most careful users. It exploits your trust in well-known brands in order to steal your credentials or to download malware onto your computer.
The message will come from one of your contacts, who could send you a Direct Message, and contains a URL that leads to a genuine-looking Facebook page. That page is actually part of apps.facebook.com, which has no connection with genuine apps. Entering your Twitter login credentials as directed will hand them straight to someone who will hijack your account. Although you are taken to an app on 'apps.facebook.com', the app sends you off to a fake Facebook page from which it can glean your Twitter details, your Facebook details, or both. Some messages can be spotted by careful users because they include spelling or grammatical errors … but others do not.
The messages come in various forms, but typically refer to you appearing in a video or a picture, which could easily tempt you to take a look. They come from your contacts only because those contacts have fallen for the scam and their accounts have been compromised. A similar scam message takes you to a page which tells you that a new YouTube player needs to be downloaded.