Take a second look

Perhaps as a tribute to its mainstream legitimacy, Twitter's turf has been invaded by at least two spammer-orchestrated scams.

In the most widespread of the two, users receive a direct message from a follower, bearing this or similar bait: "hey! check out this funny blog about you…", followed by a link to a webpage.

After clicking on the link, victims are presented with a false Twitter login page. Usernames and passwords entered on the page become vehicles for spammers to distribute similar messages, or messages promoting products (such as free iPhones), to Twitter users connected to them.

Scams like this one were a common problem on social networking site MySpace.com, particularly when it reached mainstream ubiquity.

The easiest way to gauge whether a login page is authentic is to check the URL before entering user credentials. Careful inspection will reveal that the login page is not hosted by Twitter or MySpace. Among other phishing destinations, one of the most popular faux Twitter login pages appears at "http://twitter.access-logins.com/login" instead of "http://twitter.com," for example.

Users that have already fallen victim to the Twitter login scam are invited to visit the reset password page, which sends a password-reset link to the email associated with your account.

The scam hit critical mass over the weekend. Shortly after announcing news of it on Monday, Twitter also reported that 33 high-profile accounts — including those of President Elect Barack Obama and CNN's Rick Sanchez — were hijacked by enterprising hackers.

According to Twitter, the hackers penetrated "some of the tools our support team uses," resulting in the immediate lock-down of the affected support tools — a security breach unrelated to this weekend's phishing epidemic.