Twitter Officially Hits Mainstream; First Phishing Scam Reported

I guess we can all say that Twitter has hit the mainstream. This afternoon reports have come in about a phishing scam which uses direct messages to push people to visit a site "access-logins.com" based out of China. The site (as seen below via Chris Pirillo) looks just like the Twitter login page but naturally would grab your login credentials if you entered them into the form.

Twitter has a message on their status blog:

Twitter Engineering and Operations are on the case but if you receive a Direct Message with a blogspot.com link in it that redirects to what seems like Twitter.com do not enter your Twitter credentials. If you look at the URL, you’ll notice that it is not really Twitter but twitter.access-logins.com—a sketchy phishing site.

This is the second time in the last few days of users giving out Twitter passwords either for access to other services or in this case, something much more malicious. Months ago several popular Twitter users weren’t worried about giving out their passwords – I wonder if today’s phishing scam will change that opinion quickly.

The biggest issue here is that while gaining access to a person’s Twitter account won’t unlock anything past Twitter, many users have the same username/password elsewhere online. The phisher could try other social services and even online banking services. This is the part that makes today’s attack scary.