Sophos is warning Twitter users against an evolving attack which threatens to steal personal information from them.

Thousands of Twitter users are reporting having received direct messages from friends inviting them to visit a bogus website.

Sophos says the original messages, sent over the weekend, pretended to point to funny pictures or blog articles about the recipients, or claimed to provide a link to win an iPhone, such as:

"Hey, i found a website with your pic on it... LOL check it out here"
"hey! check out this funny blog about you..."

Clicking the links takes users to a bogus Twitter page which could steal users' login names and passwords, and Sophos is advising users to be on their guard.