It looks like there are two Twitter scams infiltrating people’s inboxes right now. These scam emails hide their malicious URLs by cloaking them in Twitter.com text to make them look legitimate. Here’s how to avoid being suckered.
An email Twitter scam
This particular scam is good at hiding its intentions, so you’ve got to know what to look for in order to avoid it.
Those targeted have received an email that, by all appearances, is from Twitter.com. The email includes a message which informs the recipient that they have some messages pending, and they are led to believe that they must click the link to receive them. The email is signed “The Twitter Team”, and all links within look like they’re from Twitter.com.
But that’s where they get you.
The text of the link begins with twitter.com, but the actual URL is another site altogether.
If you hover over the link with your mouse, your URL preview will show you that the link does not take you to Twitter’s website.
One of our readers forwarded us a suspicious email that he received last week:
The fake links dressed up as Twitter.com actually led to a forum site called sib-sub.com. Either the hackers illegally took control of the site, or the site itself is illegitimate. Either way, we recommend you don’t visit.
The security firm Sophos also found this type of spam to be quite prevalent this week. They did some research into the links, and found that most of them led to an American pharmacy-related site which tried to dupe you into buying ridiculously overpriced drugs.
How to avoid Twitter scams
One way to identify fake emails that otherwise appear to be from Twitter.com is to check the sender. In the case of our reader, his scam message was sent from an email address that did not belong to Twitter.com.
If you receive an email from an unknown sender, do not click a link within that email until you verify the identity of the sender. Likewise, if you get an email that claims to be from someone from Twitter, but the sending email address is not @twitter.com, do not open any links contained within.
When opening links in emails or even on Twitter.com, always hover your mouse over them for a minute to verify the address. Shortened links like goo.gl have been used in the past to hide malicious websites, and hackers are getting more creative by disguising compromised links to look like official messages from Twitter.com. Verify all destination URLs before you click them.