Twitter, Facebook Warn Users of Email Password Scams

Twitter safetyTwitter has followed Facebook in warning users to avoid malicious emails with attachments that claim to provide a new password.
Opening such an attachment can unleash malware that may ultimately crack the passwords on the user’s computer beyond social media accounts, warn Internet security firms.
“Remember, Twitter doesn’t send emails asking you to download or open attachments. Don’t fall for that trap!” the micro-blogging site posted on its Twitter.com/safety page.
Twitter then provides a link to its “Keeping Your Account Secure” guidelines page.
Facebook issued its own warning earlier in the week about “another spoofed email going around” that claims it’s from the social media site and asks the recipient to open an attachment to receive a new password. Facebook says to delete such emails and warn friends of the scam.
“Remember that Facebook will never send you a new password in an attachment,” said the post on Facebook’s security page.
McAfee’s Security Insights Blog describes the attachments in the Facebook emails as “potentially very dangerous considering that there are over 400 million Facebook users who could fall for this scam.”
The attachment is a “password stealer” that installs when the user clicks on it, McAfee said.
“Once installed, the password stealer can potentially access any username and password combination utilized on that computer, not just for the user’s Facebook account,” the online security firm said.
One clue that signals a user of a spam email is poor grammar and awkward phrases, such as the greeting: “Dear user of facebook.”