Twitter hit by second phishing attack in a week

Security experts are warning Twitter users not to click on any links posted with the message 'This you????' as they are part of the second phishing attack in a week to hit the micro-blogging site.

The new attack appears to be a follow-up to the 'LOL' attacks which struck the site over the weekend, as both use social engineering techniques and short messages sent from compromised accounts to trick users into clicking on malicious links.

Both attacks also direct victims to a fake log-in page. Users entering their credentials are shown a fake Twitter 'fail whale' before being taken back to the real Twitter main page, meaning they may not realise that their credentials have been compromised.

"It's bad enough if hackers gain control of your Twitter account, but if you also use that same password on other web sites (and our research shows that 33 per cent of people do that all of the time) they could access your Gmail, Hotmail, Facebook, eBay, PayPal, and so forth," wrote Sophos senior technology consultant Graham Cluley in a blog posting.

"So be cautious about the links you click on, choose a strong password and, if you have found that you're spreading suspicious messages from your Twitter account or believe that you have been compromised, change your passwords immediately."

Security-as-a-service firm ScanSafe released a set of guidelines yesterday outlining what to do if a social networking account has been compromised.