I just got a direct message (DM) on Twitter today, and it read, "Tell me if this blog is about you? http://tinyurl.com/6ccbp7w". The message may differ, like "This gotta be you in this picture?", but the link remains the same. At first look, I could tell it was spam. I had even seen such links on Facebook. So I didn't click on that link.
But when I looked at my timeline, I saw many people complaining about such DMs, and this caught my interest. So I decided to take the risk and click on that link. At first, I hovered the mouse cursor over the link, but it didn't expand to the original site. That confirmed it to be spam [I just wonder why most of them use tinyurl, a URL shortener service]. But I had to take the risk. So I cleared all my browser cookies first to secure the other services I use. Then I copied the link, pasted it into a new tab, and was ready to go.
Now I clicked on that link, and it took me to a webpage that looked similar to the Twitter login page [if you use Google Chrome, you will be warned before entering that page! Read my other post about why Google Chrome is the best web browser!]. Everything you see on the Twitter login page was present there, but to my surprise, the address of that webpage was http://itiwitter.com/twitterlogin/ !! Many novice and average internet users really think that it is Twitter, enter their username and password, and click on sign in. If you do that, your Twitter account will be compromised!
When you click the sign in button, the data you entered is sent to a PHP script, hosted on some unknown server, for processing. That means your username and password will be saved by that script and you will be redirected to the original Twitter as usual! You never come to know about the password theft! You may get this kind of message from your friends. And if you get one, sadly, your friend's account has been compromised. Many of my fellow followers are already victims of this trick. After gaining access to your account, hackers may use it to trick your followers with similar links, or they may lock you out of your account completely!
Most evil hackers use social networking sites to trap users into giving out their credentials. The reason is no surprise: social networking sites are widespread and even a novice user can use them without any difficulty. So please avoid clicking on any such links and be safe on the web :)
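
The two warning signs described above (a shortener that hides the destination, and an address that is almost but not quite twitter.com) can be checked mechanically. The following is an added example, not part of the original post; the trusted and shortener lists, the distance threshold and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Illustrative lists (assumptions for this example, not from the post).
TRUSTED = {"twitter.com"}
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive last-two-labels domain; production code needs the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'shortener', 'lookalike' or 'unknown' for a link."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    if domain in SHORTENERS:
        return "shortener"   # real destination is hidden until it is expanded
    name = domain.split(".")[0]
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Brand used as a label elsewhere in the host, e.g. twitter.com.login.example
        if brand in host.split("."):
            return "lookalike"
        # Near-miss spelling of the brand, e.g. itiwitter vs twitter
        if edit_distance(name, brand) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in ("http://tinyurl.com/6ccbp7w", "http://itiwitter.com/twitterlogin/",
                 "https://twitter.com/login"):
        print(link, "->", classify(link))
```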