If you receive a DM on Twitter saying “This made me laugh so hard when i saw this about you lol”, it’s a phishing scam to get your Twitter login details. Your account will then send that or similar DMs on to your friends.
Why are so many of my Twitter friends caught out by this scam? These scams are most effective against users of mobile devices, where it’s hard to read the misspelled URL that looks like Twitter’s.
As this attack matures, the exact phrase used will change. The way to be safe on a mobile device is:
- use the Twitter client for your device or a well-known 3rd party client (like TweetDeck).
- log in on that client only
- don’t trust a DM that arrives without context, even from a contact (see below)
- if you click on a shortened URL link that takes you to something that looks like Twitter, do not log in – use your dedicated client program instead.
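The misspelled-URL trick described above can be checked mechanically. The sketch below is an added example, not part of the original post: it classifies the host of a landing URL as genuine, look-alike or unrelated. The distance threshold, the function names and the sample URLs (all on the reserved `.example` domain) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

BRAND = "twitter"        # label an attacker imitates
GENUINE = "twitter.com"  # only domain treated as the real login site
MAX_DISTANCE = 2         # assumed threshold for "misspelled"; tune to taste


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'genuine', 'lookalike' or 'other' for the page a URL points at."""
    head = url.split("?", 1)[0]  # ignore any URL embedded in the query string
    parts = urlsplit(url if "://" in head else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host == GENUINE or host.endswith("." + GENUINE):
        return "genuine"
    # Brand name before an '@' is userinfo, not the host the browser contacts.
    if BRAND in (parts.username or "").lower():
        return "lookalike"
    for label in host.split("."):
        if BRAND in label or edit_distance(label, BRAND) <= MAX_DISTANCE:
            return "lookalike"
    return "other"


# Constructed sample URLs (reserved .example names, not real sites).
SAMPLES = [
    "https://twitter.com/settings/password",
    "http://twittter.example/login",
    "http://tvvitter.example/session",
    "http://twitter.com.verify.example/login",
    "https://twitter.com@photos.example/",
    "https://photos.example/lol.jpg",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):9}  {u}")
```

Run it on the address the browser ends up at after any shortener redirect, not on the short link itself. The heuristic does not cover internationalised (punycode) look-alikes.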
What is context? If you ask a friend to send you a picture and they reply with a URL, that is expected behaviour. If you didn’t ask for it and didn’t party at the Playboy Mansion with them last night, they don’t have a LOL photo of you. Assume they’ve been compromised and move on.
“Compromised” is very cloak and dagger but it’s also smart. At a time when the bad guys are selling compromised accounts and PCs by the thousands, your login credentials are a commodity worth a fraction of a cent (e.g. 40EUR per 100,000 email addresses last night). So act like a secret agent and assume the worst; you’ll live longer.
Other phrases I’ve seen so far:
- Hello somebody is making nasty things about you…
- Hi someone is posting very bad rumors about you…
- Someone is saying some real horrible things about you, seen this?
- Seen this really nasty rumor/blog about you?
- There is a rumor/blog going around about you might want to read it
- Rumor has it there is some bad things about you
- I saw a real bad blog about you, you seen this?
- Found a funny picture of you!
- I cannot believe what this person is saying about you! it’s pretty nasty stuff
- You seen what this person is saying about you? terrible things..
- Hey…you seen this yet? some horrible rumors about you going around online…
- i cant believe this but there are some real nasty things being said about you here
- Hey, so some real nasty things are being said about you here i cant believe what was said..

Keeping safe online is the major challenge this century. If you are a parent you must get One Step Ahead: Empowering Parents in Today’s World.
If you want more information on keeping safe online, I also recommend this great ebook, Cyber Scams – a visual guide to 25 of the biggest Internet scams.
If you’ve already been scammed, do the following:
- Change your password at https://twitter.com/settings/password
- Revoke permission from any unknown applications at https://twitter.com/settings/applications


