Sophos warns of ‘Twitter petition’ designed to steal users' passwords

Twitter users, beware of a so-called petition claiming the micro-blogging site will start charging for its services starting October – it’s just a phishing scam. In a tweet, Twitter’s trust-and-safety account warned that the supposed petition is fake and will attempt to steal the prospective victim’s password. “Seeing Tweets that you need to sign a petition to keep Twitter free? Don't click. It's fake and will steal your password," it said. Computer security firm Sophos added the scam is now making the rounds online. It added it appears that the Twitter team is having partial success extinguishing this new threat. “The tweets being sent out read ‘Twitter might start to charge in October, sign this petition to keep the service free!’" it said in a blog post. Meanwhile, Sophos warned against tweets using URL shorteners, and advised users to double-check the short URLs at longurl.org. It said one such shortened URL led to ltittier.com, a “near-perfect duplicate" of the real Twitter site – but was registered on a Chinese DNS server. “The site is a near perfect duplicate of the real Twitter login site, and it masquerades as a message that your session has timed out. You will need to ‘re-authenticate’ and hand over your identity to the criminals immediately," it said. — LBG, GMA News