How To Recognise And Avoid Phishing On Twitter


On Twitter? Don’t Get Phished!

If you’re a regular user of Twitter, you will probably be aware that it is possible to be drawn into phishing scams while using the popular microblogging service.

Even if you have come across these Twitter phishing scams (which take the shape of brief messages and links to Twitter phishing sites), it is wise to understand how they work. But what is phishing?

Defined by Wikipedia as: “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication,” phishing has successfully moved with the times, migrating from spam emails to Facebook and Twitter.

On Twitter, phishing scams work by sending messages including links to websites purporting to be innocent and secure but which are in fact designed to take and misuse your personal information.

What is Phishing On Twitter?

One notorious example of phishing on Twitter was via the direct message “Hi, this you on here?” (or similar) followed by a link. Clicking the link would take users to a page where they would be asked to provide personal details; unsuspecting users were in fact submitting their details to Twitter phishing sites.

Twitter users are used to clicking on URLs (links) that don’t display the actual location of the targeted webpage – URL shortening services have become very popular as a way to send a link to followers and friends on Twitter without using up too much of the 140 character limit on updates.

For more information on URL shortening and phishing URLs, see What Is A Phishing URL and Phishing Link Checker.
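As an added example (not part of the original article), the Python sketch below shows the check to apply before trusting a link in a message: parse out the real hostname, flag shortened links whose destination is hidden, and accept only hosts that are exactly twitter.com or a subdomain of it. The shortener list and the `.example` sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed lists for illustration; extend them for the services you use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "goo.gl"}
TRUSTED = {"twitter.com"}


def classify_link(url: str) -> str:
    """Return 'invalid', 'shortened', 'twitter' or 'other-site'."""
    if "://" not in url:
        url = "http://" + url  # links in messages often omit the scheme
    try:
        parts = urlsplit(url)
        # hostname drops any "user@" prefix and the port, and is lower-cased
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    if host in SHORTENERS:
        return "shortened"  # real destination is hidden until expanded
    # Genuine only if the host IS twitter.com or ends with ".twitter.com".
    # A substring test would wrongly accept "twitter.com.login.example".
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "twitter"
    return "other-site"


def safe_to_enter_password(url: str) -> bool:
    """Only an https page on a genuine Twitter host should get a password."""
    return classify_link(url) == "twitter" and urlsplit(url).scheme == "https"


# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "http://bit.ly/abc123",
    "https://twitter.com/login",
    "https://mobile.twitter.com/session",
    "http://twitter.com.login.example/",
    "https://twitter.com@login.example/verify",
    "http://twitter-login.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):<11} password-ok={safe_to_enter_password(link)!s:<5} {link}")
```

A "shortened" result means the link has to be expanded and the expanded address classified again before any details are entered.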

Recent Twitter Phishing

British politician Ed Miliband has been a victim of phishing on Twitter.

In early 2010, some big names were targeted by criminals phishing on Twitter. In the UK, the Twitter feed of online bank First Direct was compromised, as was a feed from the BBC broadcasting network and the personal feed of Foreign Secretary Ed Miliband, MP. These hijacks came via a variation on the method described above, or with the message “hey, i’ve been having better sex and longer with this here” and similar sex-related direct messages. Again, Twitter phishing sites were used to farm user data.

Following the attempts to divert users to Twitter phishing sites, the microblogging service issued this notice on their status blog:

“While simply receiving this message does not mean your account is compromised, if you do click through and enter your username and password, you’ll want to change your password. If you’ve received this type of spam from a friend, you may want to alert them to change their password.”

Twitter also advises users to follow @safety in order to stay up to date with any new security flaws and threats.

Stay safe on Twitter by regularly changing your password, as well as regularly reviewing your followers. Twitter users who automatically make reciprocal “follow” commands to new followers are particularly at risk – it is difficult to tell initially whether the person you’re following is genuine or an automated spammer.