According to the IT security company, thousands of Twitter members have reported receiving messages from fake friends inviting them to visit a website containing funny pictures, a blog and in some cases even the chance to win an Apple iPhone.
However, Sophos warns that the links are bogus and clicking on them will result in users being directed to a fake Twitter page designed to steal their login and password.
Comedian and tech-fan Stephen Fry is reportedly among the Twitter members who have fallen victim to this online scam. However, it is not thought his account has been compromised.
"It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as an alarming 41 percent of internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater," said Graham Cluley, senior technology consultant at Sophos.
"Twitter users who may have lost control of their accounts need to change their passwords as a matter of priority before more harm is done. Compromised social networking accounts are valuable for hackers as they can use them for a springboard for spam campaigns, identity theft attacks and other online crime."