Sophos, the security outfit, has issued a warning for users of Twitter to be on the lookout for an evolving phishing attack which could steal personal data if they are not very careful. Already thousands of Twitterers are thought to have received messages from their friends which invite them to visit a specific website for a variety of reasons. Amongst them, it seems, is Stephen Fry.

According to reports, the bait used in the messages can be anything from the lure of winning an Apple iPhone through to promises of funny pictures or blog articles supposedly about the recipient of the message.

Usually, I would suggest, anyone stupid enough to follow a link to something that says "Hey, i found a website with your pic on it... LOL check it out here" deserves everything they get. But these messages come from your friends' accounts, giving them a certain amount of authority and painting them with a certain amount of trust. Indeed, if a close friend sends you a message saying "hey. i won an iphone! come see how here" then you might be tempted to do just that.

Of course, follow the link and you arrive at a bogus Twitter page designed to steal your login name and password. Doh!

According to various reports, one person who was fooled was none other than UK celebrity and host of the popular QI television programme, Stephen Fry. Sophos, for example, says that he "unwittingly clicked on the link without realising that he was being taken to a potentially dangerous website", although there is no evidence to suggest that his account has been compromised in any way.

Fry has tweeted himself that he received some 20 of these phishing messages offering free iPhones, saying "Lawks. Hope I haven't been phished for all my details. Clicked on scam URL last night before I knew what it was. Eeek."

"It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as an alarming 41 percent of internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater," said Graham Cluley, senior technology consultant at Sophos. "Twitter users who may have lost control of their accounts need to change their passwords as a matter of priority before more harm is done. Compromised social networking accounts are valuable for hackers as they can use them for a springboard for spam campaigns, identity theft attacks and other online crime."

Makes a change from the usual fake bank phishing scams or Twitter stories about Britney and Obama, I guess.

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best-selling computer magazines in the UK) for most of them. As well as currently contributing to The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three-times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...