Twitter users are being targeted by another phishing attack designed to steal login details, warns security firm Sophos.
Some users of the micro-blogging service last night received direct messages with a short text message and a link, similar to this: "rofl this you on here? http://videos.twitter.secure-logins01.com".
The link appears to go to a video sharing page, but instead displays a fake Twitter login page designed to steal the user names and passwords of unsuspecting users.
"Just like hackers like to commandeer poorly protected PCs to form a botnet from which they can send spam campaigns or spread malware, so they are increasingly interested in doing the same with social networking accounts," said Graham Cluley, senior technology consultant at Sophos.
Cybercriminals know computer users are more likely to open a message or click on a link sent to them by what appears to be their online friends and colleagues via a social networking site, making it easier to launch financially-motivated attacks, he said in a blog post.
"In this case the bad guys are also able to access potentially sensitive private information you have in past direct messages you have sent and received via Twitter," he said.
Cluley said Twitter users who have entered their details into the fake Twitter page should change their password immediately before it is abused by the cybercriminals behind the rofl Twitter attacks.
Potential victims should also change their login details on any other sites where they use the same password as their Twitter account because those sites could also be compromised, he said.