Yesterday I logged on to my Twitter account and saw a couple of direct messages from one of my contacts. I found them quite odd from the moment I opened them, as they were not the kind of messages this person would send to me. Anyway I opened the link he included in those messages and immediately noticed the trick. These are not real DMs: they’re a phishing scam to obtain your Twitter password.
Luckily for us, the swindle is fairly easy to spot. First, double check every link before clicking on it, even if they come from people you trust. Also, make sure you’re on the actual Twitter domain before entering your login data: the scam page may look exactly like the real thing, but the URL is not twitter.com. The good thing is that if you’re a Firefox user, your browser will probably detect the fraud for you.
If this advice is already too late and you’ve been tricked, use the Reset password service to create a new password and regain access to your Twitter account. Meanwhile, you can find more information about the whole issue on Twitter’s official blog.