An anonymous reader writes "Twitter users are being warned not to click on messages saying "'ol, this is funny,' as they can lead to their account details being stolen. A widespread attack has hit Twitter this weekend, tricking users into logging into a fake Twitter page — and thus handing their account details over to hackers. Messages include Lol. this is me?? / lol , this is funny. / ha ha, u look funny on here / Lol. this you?? followed by a link in the form of http://example/ [dot] com/?rid=http://twitter.verify.bzpharma [dot] net/login, where 'example.com' can vary. Clicking on the link redirects users to the second-half of the link, where the fake login page is hosted. In a video and blog entry, computer security firm Sophos is warning users that it is not just Twitter direct messages (DMs) that carry the poisoned links, but they are appearing on public profiles due to services such as GroupTweet which republish direct messages. Sophos also reports that the site being used for the Twitter phishing has also been constructed to steal information from users of the Bebo social network. Affected users are advised to change their passwords immediately."