Twitter users were hit with a spam attack over the weekend. It started with a simple question: “Want to know who’s stalking you on twitter!?” and a link to TwitViewer, a site that claimed it would show them the last 200 people that visited their Twitter profile. The problem was that TwitViewer demanded their Twitter username and password in order to do so.

Those that did so had their Twitter account promptly spam everyone they are following with the same question and link, and if they happened to click on any of the people in the gallery of thumbnails the site claims are people that visited their profile (but they didn’t-there is no way for a site to be able to collect that kind of information), their account automatically followed them-and of course spammed them with the TwitViewer link. All in all a very slick phishing scheme.

How do your users protect themselves? Simple-tell them to never ever give their usernames, passwords or any other personal info out to sites like TwitViewer and better yet, to be very careful what links they click on in their Twitter feeds. This is admittedly hard to do thanks to the URL shortening services that are a must because of Twitter’s strict 140 character limit. A good rule of thumb is to never click on links offered from anyone you don’t know very well.

The good news is that the TwitViewer site is now down, but the bad news is the site owners say they will return with a new domain.