Over the past year and a half I’ve been tempted to reword that short bio up there at the top of the page next to my mug shot. Specifically, I’ve considered taking out or changing the sentence that says I “don’t get” Twitter, partly to avoid having people try to explain to me how it’s the greatest thing since bottled beer.

You’re not giving yourself credit, I tell myself. You get Twitter; you just don’t understand why anyone would use it, either in their daily life or for any kind of marketing purpose.

And so the sentence stays.

My latest Twitter ambivalence comes from a collection of incidents over the holidays that persuade me that this thing has a lot of fad content at best, and a lot of potential for fleecing the unwary at worst.

Over the weekend I received a direct mail to my Twitter account (yes, I may not “get it” but I have one—such is my job) from a screen name I did not recognize telling me to go to a Web site to “check out this funny blog about you…”

Now there’s no way I’m going to follow a link contained in a message from someone I don’t know, but I have to admit I was a bit flattered by the attention. But I got distracted by something shiny and neglected to investigate any further.

And rather a good thing too, because as it turns out Twitter was hit by a hefty phishing expedition using precisely these e-mails. Click that link, apparently, and you’re re-directed to “twitter.access-logins.com”, a darn good replica of the Twitter log-in page.

But it’s a fake, and one that can accept your Twitter login name and password. Security blogger Chris Pirillo tracked the domain to China and warns that this kind of scam could make the Twitter folks start looking closely at what third party apps are hooking into their network.

Why would anyone want your, or at least my, Twitter login and password? Because there exist in this world people who use the same security combo again and again for everything from Facebook to finances. And some bad hat somewhere will know how to take those keys and unlock some poor shlub’s life.

That’s not me, of course. My password protocols incorporate the phases of the moon and the jersey numbers of the high scorer in the most recent Big Ten game. They are the envy of the National Security Administration. So don’t bother phishing me.

Aside from netting password info, of course, phishing can be used simply to drive Web traffic to sites people wouldn’t visit under normal circumstances. And sure enough, reports are coming in that the Twitter phishing campaign has changed its angle. Users who responded to those weekend messages are now getting hit with e-mail that sounds like it comes from a Twitter follower and promising “Wanna win the new iPhone?”, also with a URL attached.

Security expert Graham Cluley of Sophos says in a post that the sites the new Twitter phishing e-mail are driving to offer to let users enter to win a free iPhone—if they submit personal information including their current cell phone number. Cluley speculates the phishers may be earning commissions as part of an affiliate network meant to bring users to these Web sites. There’s also the danger that these phony sites could be used to spread spyware or other computer malware.

The problem’s big enough that Twitter was forced over the weekend to add a note to its real log-in page warning users not to log into their accounts through any links they received in a direct message. And on the Twitter blog they advise users who fear they may have fallen for this scam to change their security codes right away.

Granted, this new attention from black ops practitioners suggests that Twitter’s microblogging service is poised to hit the main stream. But its wide takeup has been fueled in part because it has seemed an easy, almost carefree and no-thought-required way to stay in touch with friends and interested parties that you know in real life. Standing at Starbucks waiting to have your order taken? Tell your online friends, who are probably doing the same thing two blocks or three states away. It’s a fun way to kill 30 seconds, and so far it hasn’t been worth any phisher’s time.

But when you have to start checking the credibility of the messages you receive and examining the domains linked to make sure they are what they claim to be, a service like Twitter starts looking a lot less appealingly carefree to a lot of people. Twitter’s openness had been a large part of its allure for its adherents. If they are suddenly forced to become a lot more wary about what they open and what links they follow—if in fact, Twitter becomes a short-form version of e-mail—then that could put a damper on audience reach, which could make a presence on the service seem less vital to marketers.

If we want to be in a questionable environment, they may say, we’ll go to the social networks, which have had their own problems with phishing scams. But at least we’ll be talking to many, many more real people.

Twitter may already have loss a portion of its gloss for some prominent celebrity members. Over this same weekend, Twitter revealed that someone—probably not that phishing gang—hacked into the accounts of such marquee members as Britney Spears, CNN correspondent Rick Sanchez and even Barack Obama. Apparent tweets from Sanchez’s account were sent advising that he was currently on drugs, while Ms. Spears’ feed was used to send intimate and quite surprising bogus anatomical information. Hackers also broke into the Fox News Twitter feed and sent out fake information about the alleged sexual orientation of Bill O’Reilly. The Obama account hasn’t been used since the election. All the accounts were locked down by Twitter.

Over the past year and a half I’ve been tempted to reword that short bio up there at the top of the page next to my mug shot. Specifically, I’ve considered taking out or changing the sentence that says I “don’t get” Twitter, partly to avoid having people try to explain to me how it’s the greatest thing since bottled beer.

You’re not giving yourself credit, I tell myself. You get Twitter; you just don’t understand why anyone would use it, either in their daily life or for any kind of marketing purpose.

And so the sentence stays.

My latest Twitter ambivalence comes from a collection of incidents over the holidays that persuade me that this thing has a lot of fad content at best, and a lot of potential for fleecing the unwary at worst.

Over the weekend I received a direct mail to my Twitter account (yes, I may not “get it” but I have one—such is my job) from a screen name I did not recognize telling me to go to a Web site to “check out this funny blog about you…”

Now there’s no way I’m going to follow a link contained in a message from someone I don’t know, but I have to admit I was a bit flattered by the attention. But I got distracted by something shiny and neglected to investigate any further.

And rather a good thing too, because as it turns out Twitter was hit by a hefty phishing expedition using precisely these e-mails. Click that link, apparently, and you’re re-directed to “twitter.access-logins.com”, a darn good replica of the Twitter log-in page.

But it’s a fake, and one that can accept your Twitter login name and password. Security blogger Chris Pirillo tracked the domain to China and warns that this kind of scam could make the Twitter folks start looking closely at what third party apps are hooking into their network.

Why would anyone want your, or at least my, Twitter login and password? Because there exist in this world people who use the same security combo again and again for everything from Facebook to finances. And some bad hat somewhere will know how to take those keys and unlock some poor shlub’s life.

That’s not me, of course. My password protocols incorporate the phases of the moon and the jersey numbers of the high scorer in the most recent Big Ten game. They are the envy of the National Security Administration. So don’t bother phishing me.

Aside from netting password info, of course, phishing can be used simply to drive Web traffic to sites people wouldn’t visit under normal circumstances. And sure enough, reports are coming in that the Twitter phishing campaign has changed its angle. Users who responded to those weekend messages are now getting hit with e-mail that sounds like it comes from a Twitter follower and promising “Wanna win the new iPhone?”, also with a URL attached.

Security expert Graham Cluley of Sophos says in a post that the sites the new Twitter phishing e-mail are driving to offer to let users enter to win a free iPhone—if they submit personal information including their current cell phone number. Cluley speculates the phishers may be earning commissions as part of an affiliate network meant to bring users to these Web sites. There’s also the danger that these phony sites could be used to spread spyware or other computer malware.

The problem’s big enough that Twitter was forced over the weekend to add a note to its real log-in page warning users not to log into their accounts through any links they received in a direct message. And on the Twitter blog they advise users who fear they may have fallen for this scam to change their security codes right away.

Granted, this new attention from black ops practitioners suggests that Twitter’s microblogging service is poised to hit the main stream. But its wide takeup has been fueled in part because it has seemed an easy, almost carefree and no-thought-required way to stay in touch with friends and interested parties that you know in real life. Standing at Starbucks waiting to have your order taken? Tell your online friends, who are probably doing the same thing two blocks or three states away. It’s a fun way to kill 30 seconds, and so far it hasn’t been worth any phisher’s time.

But when you have to start checking the credibility of the messages you receive and examining the domains linked to make sure they are what they claim to be, a service like Twitter starts looking a lot less appealingly carefree to a lot of people. Twitter’s openness had been a large part of its allure for its adherents. If they are suddenly forced to become a lot more wary about what they open and what links they follow—if in fact, Twitter becomes a short-form version of e-mail—then that could put a damper on audience reach, which could make a presence on the service seem less vital to marketers.

If we want to be in a questionable environment, they may say, we’ll go to the social networks, which have had their own problems with phishing scams. But at least we’ll be talking to many, many more real people.

Twitter may already have loss a portion of its gloss for some prominent celebrity members. Over this same weekend, Twitter revealed that someone—probably not that phishing gang—hacked into the accounts of such marquee members as Britney Spears, CNN correspondent Rick Sanchez and even Barack Obama. Apparent tweets from Sanchez’s account were sent advising that he was currently on drugs, while Ms. Spears’ feed was used to send intimate and quite surprising bogus anatomical information. Hackers also broke into the Fox News Twitter feed and sent out fake information about the alleged sexual orientation of Bill O’Reilly. The Obama account hasn’t been used since the election. All the accounts were locked down by Twitter.