It was back in August 2011 when I first posted about having my twitter account hacked. In the last week both my personal and Liverpool Acoustic twitter accounts have been inundated with personal messages from accounts that have been hacked.
Most of the time the account owner isn’t aware that they’ve been hacked, and most of the time they’re totally baffled as to how they got hacked in the first place.
Strictly speaking, their twitter accounts were not ‘hacked’, because nobody had to guess their password. The correct term is ‘phishing’, which involves the twitter account owner being tricked into giving their username and password to someone else.
Here’s a re-post of my original blog entry. The twitter messages might have changed slightly, but it’s still as relevant today as it was a year and a half ago.
There’s a first time for everything, I suppose.
I’ve had one of my social media accounts hacked for the first time ever, and I’m a little annoyed that I got caught out. But with this phishing scam using twitter, it just shows how easy it is for the scammers to set it up and how easy it is for us mugs to fall for it.
This is how the current scam works.
You receive a Direct Message (DM) or a status update along the lines of this one.
You’re curious, so you click on the link and it takes you to this website.
You think it’s just twitter playing up again so you add your user name and password and try to sign in.
What you didn’t notice, however, is that the website you’ve just given your username and password to IS NOT TWITTER!
Have a look at the web address to see.
Did you spot that it wasn’t twitter when you first went to this site? No, neither did I. The website looks exactly like the twitter sign-in page, and the address ltwltter.com is close enough to twitter.com for most people not to notice.
And the first thing you’ll know about it is when you start receiving lots of messages from other people to tell you that your account has been hacked!
So, the lesson is…
If you click on a link and it takes you to a website (any website) that asks you for your username and password, ALWAYS check the web address (URL).
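The same check can be done by a script. This is an added example, not part of the original post: it pulls the real host name out of a link and compares it with the sites you actually sign in to, flagging near misses such as ltwltter.com. The trusted list, the character-folding table, the distance threshold and the subdomain check are assumptions made for illustration; the subdomain check goes a little beyond the case described in the post.

```python
from urllib.parse import urlsplit

# Assumption: the sites you really sign in to. Only twitter.com comes from the post.
TRUSTED = {"twitter.com"}

# Assumption: characters that are easy to mistake for one another at a glance.
FOLD = str.maketrans({"l": "i", "1": "i", "0": "o"})


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels of the host. Simplification: real tooling should use the
    Public Suffix List so that names under e.g. co.uk are handled correctly."""
    return ".".join(host.split(".")[-2:])


def check_login_url(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the site a link leads to."""
    # .hostname drops any "user@" prefix, so text before an @ cannot pose as the site.
    host = (urlsplit(url).hostname or "").rstrip(".")
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # A trusted name used as a mere subdomain of some other site.
        if f".{good}." in f".{host}.":
            return "lookalike"
        # A near miss once look-alike characters are folded together.
        if edit_distance(domain.translate(FOLD), good.translate(FOLD)) <= 2:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; ltwltter.com is the address named in the post.
    for link in ("https://twitter.com/login", "http://ltwltter.com/login",
                 "https://twitter.com@ltwltter.com/", "https://example.org/"):
        print(f"{check_login_url(link):9}  {link}")
```

An "unknown" result only means the address does not resemble anything on the trusted list, so a sign-in form on such a site still deserves a second look.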