Your users who are harnessing the power that is Twitter need a heads up: Cyberthieves are targeting the popular social network big time.

Here’s a brief rundown on how these scams work:

The scams are similar to an instant message or in an e-mail spoof. A message arrives from a friend saying: “haha. This you????” or “Lol. this you??” followed by a Web link.

The link takes the targeted user to a Web site that looks like a Twitter sign-in page. It’s not. Check the URL and you’ll see that it’s hosted elsewhere. If a user enters credentials, they’re stolen.

Twitter is prone to this kind of attack due to the popularity of URL-shortening services – scammers can use those to disguise links.

One scam in particular has gotten a lot of press lately. Its victims so far include HSBC Bank, a British cabinet minister and members of the British press.

Warn users, especially marketing folks who use the site for company business, not to assume that messages from contacts are legitimate.

If they’re sent to what looks like Twitter’s login page, they should check the URL to make sure they aren’t giving info away.

What should users do if they fall victim to the scam?

Tell them to:

1. Change their password immediately
2. Change the password on any service where they use the same password
3. Change the password on any service that uses Twitter, such as Twitterfeed, and
4. Notify contacts about what happened and apologize.

Tags: phishing, Twitter