Not a very ordinary name, I thought. I did some investigating, and it turned out this person was following hundreds of other people and encouraging them to visit a link which -- via TinyURL -- resolved to www.tvviter.com.
Note, that's not twitter.com; the phishers were pointing to t-v-v-i-t-e-r instead. If you glanced quickly, then you might believe it was the real Twitter site that was asking you to re-enter your login information, rather than a phishing site stealing your credentials.
Here's a short video I made while the phishing sites were still up, demonstrating what the attack looked like:
A live Twitter phishing attack from SophosLabs on Vimeo.
It wasn't just the NinaOchoa account that hackers had set up to spread their phishing messages. We saw scores of other accounts, all telling you to, "Check this guy out..."
Later in the day, another phishing attack broke out on Twitter that said, "there is this funny blog going around," and pointed -- once again -- to a fake Twitter login page.
Don't forget, when you suspect that someone on Twitter is a spammer or phisher, the best thing you can do is block him from following you, and report him by sending a direct message to @spam, Twitter's spam response team.
Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website you can find him on Twitter at @gcluley. Special to Dark Reading.