If you happened to browse over to the British Gas Help Twitter account yesterday – which is unlikely, but you never know – then you may have seen some rather strange tweets pop up, which were part of a phishing attack.
Security expert Graham Cluley spotted the tweets, which included comments like "I'm laughing so much right now at this", and "haha this tweet by you is cool," which clearly indicated that the account had been compromised.
British Gas then announced on the account: "We are aware our Twitter account has been compromised. Please delete any spam tweets you have received. Sorry for the inconvenience."
The messages were quickly removed.
The "haha" and "lol" type tweets also contained a shortened link that led to what appeared to be the official Twitter site, telling the user that their session had ended and asking them to log back in. Of course, this was a fake site – as an examination of the URL would reveal – and if you did log back in, you gave the phishers your account and password on a plate.
Unless, as Cluley points out, you had two-factor authentication enabled – which is always a good idea where it's available, just for better general security. We've got a full guide on how to set this up on Twitter, and indeed the guide covers two-step authentication on many different websites which offer it. This is something which is well worth taking the time to sort out.
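The URL examination mentioned above can be written down as a check on the address a login page is finally served from, once any shortened link has redirected. This is an added example, not code from the article or from Twitter; the trusted-domain list, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain this example accepts as a genuine Twitter login origin.
TRUSTED_DOMAINS = ("twitter.com",)


def login_host_verdict(url):
    """Return (trusted, reason) for the final URL of a page asking for a login."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not served over https"
    if not host:
        return False, "no host in URL"
    # https://twitter.com@other.example/ puts the familiar name in the
    # userinfo part; the browser actually connects to other.example.
    if parts.username is not None:
        return False, "userinfo placed before the real host"
    # Lookalike characters show up as non-ASCII or punycode (xn--) labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "non-ASCII or punycode host"
    # The registered domain is at the right-hand end of the host name, so
    # "twitter.com.something.example" belongs to something.example.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not under a trusted domain"


# Constructed sample URLs (not taken from the incident).
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session/new",
    "http://twitter.com/login",
    "https://twitter.com.session-expired.example/login",
    "https://twitter.com@login.example/",
    "https://xn--twitter-abc.example/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        trusted, reason = login_host_verdict(sample)
        print(("OK   " if trusted else "BLOCK"), sample, "-", reason)
```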