I just received an email from Twitter asking to confirm an account. I do occasionally use Twitter, but have never bothered making an account. The account seems to already exist (using my name, but it’s common enough), and has one follower and is following several things, so it appears to be in use.
My natural reaction was to change my email password and secret questions etc, especially considering this recent PSN hack thing (I do have a PSN account, but it’s using a different password to my email). I seriously doubt this is a hack though, making a Twitter account would be a strange thing to do with my identity.
Wondering if anybody has any idea why this would have happened though?
Actually, I’ve just had a thought. It could be that whoever made this account did not want to use their own email, and instead made one up, which just so happens to belong to me. My email address is my first two initials, a period and then my last name @yahoo, so I guess that’s not out of the question.
You know, I think I’ve just answered my own question, but I guess I’m still interested in other possible theories as to why this happened, and any advice with regards to security concerns (could this be a phishing thing?) are welcome.
Cheers.
Almost certainly, Twitter did not send you an e-mail, and the page the e-mail linked you to was not on Twitter’s web site. That’s a textbook-standard phish.
It could be a phishing attempt. In other words it’s not from Twitter, but from a scammer spoofing a legitimate Twitter page to attempt to get your personal information. I had a fake email supposedly from PayPal the other day asking me to confirm my account. Of course, I spotted it as a fake and forwarded it to PayPal’s anti-phishing team.
Edit: what Chronos said, yes. If Twitter has a spoof department, it would be a good idea to forward the email to them. Not using the link in the email you received, of course. Manually type Twitter’s address in your browser and see if they have a department that takes care of spoofs. They would appreciate having the information.
Rightyo, I’ll see if I can’t forward it to Twitter then. The links all look legit though (I haven’t clicked on any, just moused over), but I guess I don’t really know enough about how they can be faked etc. Cheers for the info!
You should also report it to your email carrier as a possible phishing attempt. The fake PayPal email went right to my inbox instead of my spam folder, with no warning from Gmail that it was likely not genuine. At the least, it’ll help them improve their filtering software.
And Twitter does have a link for fake emails
http://support.twitter.com/groups/33-report-a-violation/topics/166-safety-center/articles/204820-safety-fake-twitter-emails
and an address to report fakes.
spoof@twitter.com