There is a new phishing campaign doing the rounds trying to get your Twitter login credentials. The scam arrives as a direct messages to prospective victims from one of their contacts. Attackers are using messages such as "This person is threatening to expose something bad about you" with a link.
The link takes the mark to a simulated twitter site (twitller.com - note the typo-squatting), which comes up as a normal Twitter login page. Victims are tricked to login, their account is taken over and used to send more intimidating messages.
if you get one of these messages, your friend's account is hacked and you should call them (on the phone) and tell them to change their password. Since many people use the same password for all their online logins, this type of attack is great to get access to people's email accounts and from there to their bank or credit card company. Think Before You Click !
