Phishing scam steals Twitter passwords

Twitter messages are leading victims to a fake log-in page

Twitter users beware: This scam will not leave you ROFL.

A phishing scam is circulating on Twitter that aims to steal users' log-in credentials and then forward scam messages to all their friends in the hope of tricking them too.

The scam begins with a direct message -- one sent directly between two Twitter users -- that reads "ROFL this you on here?" and appears to link to a video site. When the victim clicks on the link, however, they are sent to a fake Twitter page and asked to log in. The scammers use that log-in information to automatically message the victim's contacts with the same direct message.

The phishing activity was reported earlier on the Mashable blog, which says it received "multiple reports" of the scam.

It's a classic phishing scam, and one more reason for users to be cautious about messages that take them to a site where they're asked to log in or download something, security experts say.

Twitter warned of the scam, saying in a Twitter message, "A bit o' phishing going on -- if you get a weird direct message, don't click on it and certainly don't give your login creds!"

This is just the latest of several scams making the rounds on the popular microblogging site as criminals look for new ways to cash in on its popularity.