New Twitter phishing scam preys on curiosity about criticism

July 23, 2011 · 18 comments


I had a direct message from a friend on Twitter today asking about a direct message she’d had from someone she followed. The direct message said,

“Someone said this real bad thing about you in a blog….[link removed]”

If you click the link, it takes you to a website at tnijurl.com and then on to a ‘Twitter login’ page at berichtenversturen.com/, which looks like the twitter.com front page but is not. The domain name berichtenversturen.com was registered in China in November 2010; tnijurl.com was registered in Poland.
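The fake login page described above gives itself away in the address bar, so the check that matters is on the host name, not on how the page looks. The following is an added example, not part of the original post: it assumes twitter.com is the only trusted login domain, and the sample addresses are constructed from the two hosts named above.

```python
from urllib.parse import urlsplit

# Assumption: the only domain trusted to show a Twitter login form.
TRUSTED_DOMAINS = ("twitter.com",)

def login_host_verdict(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for the address of a page asking for a Twitter login."""
    parts = urlsplit(url.strip())
    # .hostname drops any "user@" prefix and port, and lower-cases the name.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"
    # Exact match or a true subdomain; a bare suffix test would accept
    # "nottwitter.com", and a substring test "twitter.com.example".
    if not any(host == d or host.endswith("." + d) for d in trusted):
        return False, "host " + host + " is not a trusted domain"
    if parts.scheme != "https":
        return False, "trusted host but not https"
    return True, "host " + host + " is trusted"

# Constructed sample addresses; the first two hosts are the ones named above.
SAMPLES = [
    "http://tnijurl.com/",
    "http://berichtenversturen.com/",
    "https://twitter.com.berichtenversturen.com/login",
    "https://twitter.com@berichtenversturen.com/login",
    "https://twitter.com/login",
]

def untrusted(urls):
    """Return the URLs that must not be given a password."""
    return [u for u in urls if not login_host_verdict(u)[0]]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", login_host_verdict(u))
```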

The direct message is a ‘phishing scam’ aimed at stealing your Twitter login details. I wrote about these scams back in February 2010, with links to some useful Twitter resources about keeping safe.

Twitter has a very useful help page about problems with phishing and hacking. A good place to start is here: Safety: Keeping your account secure.


{ 1 trackback }

Realtime Twitter spam monitor | Twittermania
July 25, 2011 at 7:28 am

{ 17 comments… read them below or add one }

1 DianaCelella July 23, 2011 at 10:39 pm

Once again a very informative blog, being reasonably new to twitter I find these blogs really helpful.


2 Charlie Bailey July 23, 2011 at 11:22 pm

Thanks for the info – I’ve been hit with this twice in the last ten minutes.


3 Peter L Masters July 25, 2011 at 8:14 am

Quick work Sue, thanks for letting people know about this, I got this over the weekend, very sneaky.

Best regards, Peter

4 hannamay August 11, 2011 at 4:00 pm

I have experienced phishing on Facebook.. I recovered it after 3 weeks.. I found out someone was using my account.. it made my account safe for that.. thanks for an informative post..

5 Su August 11, 2011 at 9:26 pm

Thanks for the comments everyone.
I notice there have been some new variants of the DMs – such as:

“Did you really say this about me? one of your followers sent me this..”


6 Su August 21, 2011 at 1:37 pm

UPDATE:

Two recent new phishing messages:

“Found you in this funny picture”
and
“ROFL this pic i found of you had me dying lol”

Don’t click the links, tell the user about it and what to do, thanks.


7 Su August 24, 2011 at 12:59 pm

And another phishing message on twitter just arrived now via DM:

“Someone is posting a pic of you all over twitter ;( link2pic here: “


8 Su August 29, 2011 at 10:25 pm

Today I’ve been getting phishing messages saying:
“ROFLMAO i can’t stop laughing at this pic of you…”
and
“lmao this video of you is funny as hell, im sharing it with everyone”


9 Julia Winston August 30, 2011 at 2:11 am

Yup, they got me too :( I’ve clicked the link :( ( 2 times :( ((for my 2 Twitter accounts :( ((( I’ve changed both passwords :( (((( do I need to change my other pssw for other account (like FB) concerning this e-mail ?????
Hellllllppppp !!!!!!!!

10 Su August 30, 2011 at 8:57 pm

Hi Julia,
If you are using the same password elsewhere it might be wise to change them, but the main procedure is here:
https://support.twitter.com/forums/10713/entries/31796

The important thing is to revoke access on your account to applications that you have allowed to log in. This might include applications like Hootsuite and Tweetdeck for example, or analysing sites you might use like Peerindex or Klout. Have a look at your settings (top right at twitter.com, click on your avatar to see the settings in a menu). One of the tabs in your settings is called ‘Applications’, which lists those you have given access via Twitter’s OAuth protocol to access your account without your password.
Once you have changed your password, revoke access to the applications listed here (the wise thing to do is list them all, then revoke access to all, then re-permission those you use as you need to). This way your new password is protected and if a hacker has used an application to steal access to your account they won’t be able to because you revoked access AND changed your password.

Hope that helps.


11 nancy September 16, 2011 at 1:20 pm

I have been a fan of this blog site. And this post is simply great!!

12 Su September 19, 2011 at 11:15 am

Another version of the phishing direct message arrived over the weekend in droves:
“This made me laugh so hard when i saw this about you lol”
If you find yourself sending these messages, don’t forget to revoke access to applications as well as changing your password on twitter. Both can be done via the settings on http://twitter.com/settings/account


13 Su October 2, 2011 at 8:49 pm

Just got a new twitter phishing direct message:

“Top 15 Funniest Things!! [link removed]”

The same account had a public message:

“Are you serious about weight loss? Read this article ASAP!”

If one of the people you follow sends these messages, do let them know and advise them to change their password and revoke access to applications.


14 Kristin Johnson October 5, 2011 at 5:12 am

Have you ever heard of someone getting an email stating: “Hi its me ______ im one of your twitter followers…Someone grabbing your avatar on twitter..I feel everyone desire to imitate your account..I suggest you to inspect his fake twitter here just click the Twitter image…Sorry for my sick english…….”

I recently put my email in a tweet to someone I meant to DM, but just hit reply accidentally. :( I wonder if this is a scam. If it’s not how would I go about finding out if it were true another way?

Thanks!


15 Kris October 16, 2011 at 6:00 am

I just got this from a person that I know would never send this out. I let them know they have been hacked. 6 months ago it was done to me with a picture scam! Changed password two times and that cleared it up. Thanks, this time I googled the phrase and found your site.


16 Kisha October 21, 2011 at 1:30 pm

These are really great tips.. Thanks for this post! Keep up the good work!

17 nas December 21, 2011 at 2:03 am

I’ve been getting various “im one of your twitter followers” spam emails, and I now recall accidentally @replying someone my email instead of DMing it. I deleted the @reply seconds after realising, but I guess it’s too late.

Something worth noting is that it’s always from @yahoo accounts. So I just set up a blacklist filter for from:@yahoo and contains words:twitter.
