A phishing attack, which some are calling the BZPharma phishing attack, hit Twitter this weekend. The attack is designed to steal the usernames and passwords of unsuspecting Twitter users. It spreads through direct messages sent from compromised accounts.
Messages include "Lol. this is me??", "lol , this is funny.", "ha ha, u look funny on here" or "Lol. this you??". The message is followed by a link such as http://example.com/?rid=http://twitter.verify.bzpharma.net/login, where example.com can vary.
On clicking the link, users are led to a fake Twitter login page hosted at http://twitter.verify.bzpharma.net/login. When unsuspecting users enter their login details on the page, those details are sent to the people who created the fake login page. Users are then redirected to a page showing the "fail whale" before they are taken to the real Twitter page.
It has also been reported that the link to the fake Twitter login page is being spread publicly as well.
If you have not yet encountered this kind of message, you are advised not to click on it if you see one. If you have already entered your account details in the fake login page, it is recommended that you change your password as soon as possible.
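The link format described above has two features a filter can check for: a redirect parameter (`rid=`) carrying a second URL, and a host that uses "twitter" as a label of an unrelated domain. The following is an added example, not part of the original article; the function names, the brand keyword and the list of legitimate domains are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumptions for this example: the brand keyword and its legitimate domains.
BRAND = "twitter"
LEGIT_DOMAINS = {"twitter.com"}

LOOKALIKE = "brand name in a host outside the legitimate domains"
REDIRECT = "query parameter carries a URL on another host"

def host_of(url):
    """Lower-cased hostname of a URL, or an empty string if there is none."""
    return (urlsplit(url).hostname or "").lower()

def is_legit(host):
    """True if host is a legitimate domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def nested_urls(url):
    """Return URLs carried inside query parameters, such as ?rid=http://..."""
    values = [v for _, v in parse_qsl(urlsplit(url).query)]
    return [v for v in values if urlsplit(v).scheme in ("http", "https")]

def inspect_link(url, depth=3):
    """Return (reason, host) findings for url and any nested redirect targets."""
    findings = []
    host = host_of(url)
    if BRAND in host and not is_legit(host):
        findings.append((LOOKALIKE, host))
    if depth > 0:  # bound recursion so deeply nested links cannot loop forever
        for target in nested_urls(url):
            if host_of(target) != host:
                findings.append((REDIRECT, host_of(target)))
            findings.extend(inspect_link(target, depth - 1))
    return findings

if __name__ == "__main__":
    samples = [
        # Link format quoted in the article.
        "http://example.com/?rid=http://twitter.verify.bzpharma.net/login",
        # Constructed benign link for comparison.
        "https://twitter.com/login",
    ]
    for link in samples:
        print(link, "->", inspect_link(link) or "no findings")
```

The suffix comparison in `is_legit` is what separates `mobile.twitter.com` from `twitter.verify.bzpharma.net`: only the rightmost labels of a hostname identify who controls it.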