The latest phishing attack is striking Twitter users by sending them messages saying that they’re fat.
Well, at least that’s how some people will interpret the message that’s being sent via DM (direct message) from compromised accounts:
you look like you lost weight in this video.. [LINK]
If you’re curious, you might click on the link which will take you to what appears to be the standard Twitter login page.
Hang on. Let’s take a closer look at the URL to see if this is really the Twitter login page. If your brain is running on autopilot, or if you’re simply seeing red at the suggestion from your friend’s message that you’re fat, then you might enter your Twitter username and password into the login form without thinking (after all, you want to see that video – right?)
And if you do enter your details, you’ve been phished.
If you did use the same password for multiple accounts, you should change this bad habit and start creating unique access codes for each service you use. There are free password management tools that integrate well with browsers and can help make this easier.
In addition, you should train yourself to always verify the URL in the address bar before logging into any website. It’s also good to keep in mind that short URLs can lead to malicious pages. Because of this, if there are extensions available for your browser that reveal the destination of shortened URLs in advance, it would be a good idea to install one.