Twitter isn’t really stealing your password, but someone acting like Twitter is trying to.
Yesterday many Twitter users were sent DMs claiming a picture of them was found on a specific website. When the user clicked the link, it took them to a page that looked identical to the Twitter login screen.
Anyone entering their username and password into that login screen was literally giving their login credentials away.
Here is a screen capture of the login phishing site made to resemble Twitter:
If you look at the address bar of the website in question, you’ll notice the URL isn’t from Twitter at all. Anyone not paying attention to this would be caught off guard.
From what I can tell, many others have already reported the website as false and a web forgery notice has been put in its place.
What lesson have we learned from this? Before you log into any website, make sure that the URL in the address bar is the correct one.
Did you get sent the mysterious DMs on Twitter?