Please be very careful following any hyperlinks on Twitter. Tonight I received a direct message from someone I am following on one of my accounts. The message includes a link to a fake Twitter website that appears to be the way this user was originally compromised. Watch the video (updated 1/16/2012) if you want to see exactly how it looks and works.
Browser doesn’t show flash or video not displaying? You can also view it on Youtube.
Updated 1/14/2012 10:25PM UTC-8: Chrome is already reporting the URL in the video as a suspected phishing site. 
Updated 1/15/2012 7:05PM UTC-8: The fake site is still up and running. I decided to go and report it to the ISP, unfortunately it’s in China and they probably won’t do anything about it.
Updated 1/16/2012 11:33PM UTC-8: This thing is picking up steam in spite of efforts to build awareness. If you receive one of these messages be sure to tell the person who sent it to you to change their twitter password. Presently whoever is pharming these accounts is not locking the owner out by changing the password. This could change at any point. Also just keep in mind if you use the same password for multiple things you should change the others also as this password list is likely to circulate in nefarious circles. Here is a Tweet spotted tonight after just glancing at the Twitter stream.
Updated 1/17/2012 2:39PM UTC-8: Surprisingly something simple that would be dead if it wasn’t hosted in China (any ISP in the USA/Western Countries would have taken this site offline within 6-8 hours) appears to be gaining steam. A coalition of humorous and fed up folks setup a gag site about it. I won’t ruin it for you, you can check it out at didyouseewhattheysaid.com. I will say this, I got a chuckle out of it.
