Twitter users were hit with what seems to be yet another phishing attack. The latest attack features a message that says "This you????" followed by a link that leads to a fake Twitter log-in page.

If a user provides the log-in credentials, the attackers have control over the user's account and can retweet the phishing message from that account.

Phishing attacks are spreading via direct messages that are widely distributed because of third-party services such as GroupTweet. Compromised accounts are then used to send pharmaceutical spam for herbal Viagra.

Users are recommended not to reuse passwords on different sites. A Twitter phishing attack that steals your log-in credentials can even 
compromise your bank and e-mail accounts if you use the same password on those sites too.

This is a video of how its done.

Ref: http://news.cnet.com/8301-27080_3-10459108-245.html

Ref: http://www.sophos.com/blogs/gc/g/2010/02/24/phishing-attack-hits-twit...