It looks like a tweet from a friend, but it comes with a warning:
"Hey...you seen this yet? Some horrible rumors about you going around online..."
The tweet includes a link, and it appears that clicking on it will tell you more about those "horrible rumors." But that's not what happens.
"It takes you to a Twitter log-in page," said Stephen Cobb with ESET Security Software, "but it's not actually Twitter, it's faked."
The site is designed to trick you out of your name and password. Why would anyone fall for the scam? Because it looks like it's coming from a friend.
"I don't think as many people are suspicious as they should be yet on Twitter and Facebook," said Cobb. "That's because the messages appear to be from friends, but usually the friend's account has been hijacked by scammers and used to seek out other victims."
College student Douglas Dalay said he might have fallen for it.
"They put a face, my friend's face with the link and I would be easily fooled," he said.
"If I see them, maybe I'll think for a split second," said student Rachel Rothman, "But then I'll be like, Oh no, that's not."
Stephen Cobb says these sorts of scams have moved from emails to social media, and it's important to be skeptical of strange messages or warnings.
"If you get a tweet that is malicious from a friend," said Cobb, "immediately let them know that their account has been compromised."
Make sure to change the password to something hard to guess, and update it often.
How do you protect your password? Comment below, fan us on Facebook, mention us on Twitter @nbcsandiego, or download our improved iPhone app.