Users of microblogging site Twitter, including comedian Stephen Fry, have been duped by a phishing scam.
According to the Twitter blog, scammers are sending out e-mails resembling notifications sent to users about direct messages.
"The email says something like, 'hey! check out this funny blog about you...' and provides a link," says Twitter.
The link redirects to a site masquerading as the Twitter front page and asks for usernames and passwords. This enables the phisher to use the account to pose as the victim and send out direct messages.
Twitter says that if this happens it automatically resets passwords, meaning the genuine user is also locked out of the account and is required to change credentials.
But in his blog, Graham Cluley from security outfit Sophos warns that "as so many Internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater".
On Sunday Fry tweeted: "Lawks. Hope I haven't been phished for all my details. Clicked on scam URL last night before I knew what it was. Eeek. x"
Cluley says the phishers are now linking to a site offering the chance to win an iPhone if credentials, including mobile phone numbers, are handed over.
Yesterday Twitter stressed that the phishing campaign is not related to the recent hacking of 33 accounts, including those of Barack Obama and Britney Spears. The hijacked accounts were used to leave a variety of fake messages. Readers of the bogus Obama tweets were redirected to a compromised Web page that stored a Trojan on unprotected browsers to scan infected PCs for passwords and user credentials.