- You receive an intriguing Twitter reply from somebody whom you follow.
- This contains a link.
- You click on the link.
- A Twitter login form appears.
- You innocently enter your details
- You get admitted to a spam site of some sort.
At stage 5 you were had! It's not Twitter but an impersonator who now has your password! They will then send a fake message out to all of your followers and the process perpetuates.
So, treat with suspicion any message from somebody which does not seem quite right.
If you are presented with an unusual login screen (it might say you need to log in again for security) then be even more suspicious.
If you do get conned then change your password (if you still can!).