Security experts are warning Twitter users not to click on any links posted with the message 'This you????' as they are part of the second phishing attack in a week to hit the micro-blogging site.
The new attack appears to be a follow-up to the 'LOL' attacks which struck the site over the weekend, as both use social engineering techniques and short messages sent from compromised accounts to trick users into clicking on malicious links.
Both attacks also direct victims to a fake log-in page. Users entering their credentials are shown a fake Twitter 'fail whale' before being taken back to the real Twitter main page, meaning they may not realise that their credentials have been compromised.
"It's bad enough if hackers gain control of your Twitter account, but if you also use that same password on other web sites (and our research shows that 33 per cent of people do that all of the time) they could access your Gmail, Hotmail, Facebook, eBay, PayPal, and so forth," wrote Sophos senior technology consultant Graham Cluley in a blog posting.
"So be cautious about the links you click on, choose a strong password and, if you have found that you're spreading suspicious messages from your Twitter account or believe that you have been compromised, change your passwords immediately."
Security-as-a-service firm ScanSafe released a set of guidelines yesterday outlining what to do if a social networking account has been compromised.
Dust storm on Titan only the third Solar System body where such storms have been observed
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago