How to Avoid Twitter phishing scams

If you receive a DM on twitter “This made me laugh so hard when i saw this about you lol” it’s a phishing scam to get your twitter login details. Your account will then send that or similar DM’s on to your friends. Don’t fall for this email hoax and login to twitter via the link, it’s a fake site.

Why are so many of my twitter friends caught out by this scam? The scam is most effective against users on mobile devices like smart-phones. It’s hard to read the misspelled URL that looks like twitter’s.

As this attack matures, the exact phrase used will change. The way to be safe on a mobile device is

  1. use the twitter client for your device or a well known 3rd party client (like TweetDeck).
  2. login on that client only not the device’s browser.
  3. don’t trust a DM from a contact that does not have context (see below)
  4. if you click on a shorted URL link that takes you to something that looks like twitter do not login – use your dedicated client program instead.

What is context? If you ask a friend to send you a picture and they reply with a URL, that is expected behaviour. If you didn’t ask for it and didn’t party at the Playboy Mansion with them last night, they don’t have a LOL photo of you. Assume they’ve been compromised and move on.

“Compromised” is very cloak and dagger but it’s also smart. At a time when the bad guys are selling compromised accounts and PC’s by the thousands, your login credentials are a commodity worth a fraction of a cent (e.g. 40EUR per 100,000 email addresses last night). So act like a secret agent and assume the worst, you’ll live longer.

The clever social engineering trick that’s hard to resist, what if something bad is really being said about us?

Other phrases I’ve seen so far (I updated this list 6 January 2013):

  • Did you see this pic of you? lol
  • Early TWITTER INVESTORS got FILTHY RICH! How YOU CAN GET RICH with the NEXT TWITTER Growth Story Now
  • FYI this profile on twitter (URL) is spreading nasty blogs around about you
  • damn this person is making updates with retarded things that involve you
  • HAHA omg you have to see this IM dying from laughing so hard…
  • lol wat r you doing n this video
  • u didn’t see them tapping u
  • hey this user is making up cruel things that are about you
  • hey this person is making up cruel things that are about you
  • hey someone is writing shocking posts that are about you
  • Hi this user is posting really bad things about you
  • See who is Stalking your Twitter! (this is the StalkTrak scam)
  • Find out who’s stalking your twitter
  • Hello some person is posting very bad rumors about you…
  • LOL…i am laughing so hard at this pic of me my friend found
  • Hello this user is making nasty things about you…
  • did you see this crazy tweet about you?
  • Hey some person is making terrible things about you…
  • Hello somebody is making nasty things about you…
  • Hi someone is posting very bad rumors about you…
  • Someone is saying some real horrible things about you, seen this?
  • Seen this really nasty rumor/blog about you?
  • There is a rumor/blog going around about you might want to read it
  • Rumor has it there is some bad things about you
  • I saw a real bad blog about you, you seen this?
  • Found a funny picture of you!
  • I cannot believe what this person is saying about you! it’s pretty nasty stuff
  • You seen what this person is saying about you? terrible things..
  • Hey…you seen this yet? some horrible rumors about you going around online…
  • i cant believe this but there are some real nasty things being said about you here
  • Hey, so some real nasty things are being said about you here i cant believe what was said..

If you want more information on keeping safe online, I also recommend this great ebook Cyber Scams – a visual guide to 25 of the biggest Internet scams.

If you’ve already been scammed do the following

  1. Change your password at https://twitter.com/settings/password
  2. Revoke permission from any unknown applications at https://twitter.com/settings/applications

My netbook has crashed

Broken Screen by John Julian Hansen Denmark / sxc.hu
Broken Screen by John Julian Hansen Denmark / sxc.hu
Broken Screen by John Julian Hansen Denmark / sxc.hu

My main workhorse is a eMachines m250 netbook. Last night it decided to crash. Now it only boots under XP safe mode or Linux from a USB.

Most of my apps are on the cloud in some way or other, so I am not actually missing anything. But it is inconvenient, there are some local files I’ve moved to a USB stick to keep working.

In the past, a system crash like this would have shut me down for at least a few days. I’ve wasted this morning trying to recover the machine. But now I give up, time for some sort of netbook distro of Linux and move on. Working that out will waste a few more hours later tonight.

I think I’ve lost some of my Tweetdeck setup, plus some downloaded media and white papers, but nothing important I can think of.

Why are businesses still using PC’s and local storage?

How to update Facebook status from Google+

I prefer Google+ over Facebook for sharing because

  1. paradoxically I trust Google’s privacy commitment more than Facebook
  2. Google let’s me take my connections with me when I leave
  3. per post privacy options

But I realize that Facebook has 600 million users and so much better reach.

Here’s a tip for updating your Facebook status from Google+

  1. go to http://www.facebook.com/mobile/ and copy your personalized upload email address
  2. When sharing on Google Plus add that email address in the +add more people box.
  3. You can create a circle with just email addresses of “update via email” services. Add that circle to any update you want shared on other services. My circle is called Statuses.

The update is limited to the first 45 characters and shows as “via Email”. I’ll update this post when I find a better way to do this.