There’s an old saying in security circles: Once something’s popular, it’s only a matter of time before the bad guys show up. The latest example: Twitter, the wildly popular microblogging site that lets you know what your friends are doing.

First came the phishing scams. Phishing “tweets” arrived last year in the form of direct messages -- essentially private texts that only Twitter friends can send and only you can see. Typically the message would say something like “Hey, check out this funny blog about you” with a URL attached. The link directed you to a site that looks exactly like the Twitter log in, only the address is twitter.access-logins.com/login/. If you fell for the trap and logged in, your Twitter name and password were captured.

The solution, according to Twitter, is simple. Don’t log in. If you suspect that your...