Twitter announced on Wednesday about a new phishing attack in which direct messages to users link to a fake log-in page that steals passwords.

“We’ve seen a few phishing attempts today; if you’ve received a strange (direct message), and it takes you to a Twitter log-in page, don’t do it!” the Twitter spam warning says.

The direct messages say: “hi. this you on here? http://blogger.djh****.com,” Sophos reports in a blog post. The full URL is obscured to prevent people from unwittingly visiting the phishing site.

Clicking on the link takes a user to a page that looks like a legitimate Twitter log-in page. When the user types in the username and password, a fake version of Twitter’s “over capacity” message is displayed, with the image of the notorious “fail whale” held aloft by birds.

Scam message is sent automatically by phishing bot program, there are the couple of fake users registered under various usernames , the message is received through. You may also receive this kind of message from your followers, don’t unfollow them, send them a message and ask to change their twitter passwords.

If you have been duped by this phishing ruse, Glurt suggests that you immediately change your password at Twitter and any other sites where you used the same log-in credentials.