WARNING: “Lost Weight In This Video” DM Scam Hits Twitter

There is a new Direct Message (DM) scam going around Twitter, which will try to steal your password. If you have received a DM today commenting on your weight, do not click the link.

We have more details on how to avoid the scam – and how to prevent it from happening to you in the future – below.

Sophos’ digital security blog Naked Security discovered this scam early Thursday morning.

DMs containing the following text are being sent to unsuspecting Twitter users:

“you look like you lost weight in this video… [LINK]”

And if you click on the link, you’ll be taken to what appears to be a standard Twitter login page, complete with the avatars of people to follow along the bottom and the text field for your username and password at the top. However, as Naked Security noticed, the URL is not “Twitter.com”.

Anyone who doesn’t notice that the URL is a fake and goes ahead and enters their username and password without thinking will have been phished.

This means that the scammers will now have access to your Twitter account, and they can use it to start sending the same type of spam that caught you in their web. That’s why these types of DMs often come from accounts you trust – because they have already been scammed themselves.

If you think you have been hacked, you should change your password immediately. Also, it’s a good idea to change any other passwords around the net that are the same or very similar to your Twitter one – after all, the majority of us don’t have a different password for each service we use. And finally, you should review which applications have access to your Twitter account in the Applications tab in “Account Settings”, and revoke permission for any apps that appear suspicious or that you don’t recognize.

To avoid this happening in the future, you should report as spam anything you think is suspicious, directly to Twitter. Even if the message comes from a friend’s account, you’ll be helping out by reporting it. Twitter can change their password for them and give them back full control of their account.