Twitter users are being targeted by cyber crooks in a widespread phishing campaign. The attacks are spread via messages tagged ‘This you???’ followed by a link to a spoof Twitter log-in web page.
Entering details on the page simply sends the attacker your username and password. The attack might then spread through your Twitter followers and into your other social media sites.
Data security specialists Imperva recently revealed that passwords to Web 2.0 services like Twitter are commanding big bucks on the cybercrime black market.
“There are reports of Twitter credentials changing hands for up to $1,000 owing to the revenue generation that is possible from a Web 2.0 services account,” said chief technology officer Amichai Shulman.
“Twitter accounts are valuable to criminals who will use almost any technique to harvest user credentials, including targeted phishing attacks. Once a fraudster gains access to a Twitter account, they can misuse it in a variety of ways to further their fraudulent activities,” he said.
“If this isn’t a wake-up call to anyone with multiple IDs that use the same password, I don’t know what is. Internet users – especially those with business accounts – need to use different passwords for different services, or they could face the disastrous consequences of taking a slack approach to their credentials,” he added.
Security software specialist AVG yesterday released a list of guidelines for staying safe on Twitter:
Limit what you say: It’s easy to tweet about where you are and what you’re doing, but do you think about who is listening? What might seem like a harmless comment initially could be used to piece together a picture of your whereabouts and plans! Unless your tweets are protected, they are going to be out in the public domain. Fraudsters can use this information in many ways.
Be careful what you click on: Be suspicious about links that you are sent and posted. Many people use URL shorteners on Twitter, so it is often very difficult to check what you are clicking on. If in doubt, don’t click.
Be vigilant: Watch out for suspicious activity in your tweet stream and inbox. If you start receiving strange messages or your friends are being unusually spammy, it might be worth double checking that their account hasn’t been compromised.
Think before you tweet: Remember, the whole world can see what you write and even though tweets can be deleted, they are still searchable. Don’t tweet when you’re in a state of mind that might have you saying something you’ll regret later. While it is funny thinking about it, the consequences are often not as amusing. Additionally, by including ‘hash tags,’ you increase the search for your chosen term, so think about who will be searching for your tweets.
Don’t be too trusting: You can never be sure the stranger you ‘networked’ with via Twitter is who they say they are. Don’t be easily befriended by strangers on Twitter who may not have your best interests at heart.
Check third party applications: There are hundreds of applications out there for Twitter. Before signing up to one of these, check to see that they are safe. You can do this by looking for mentions of the tools on trusted sites. Remember that the apps generally require your password and log in details so be extra cautious before sharing this information.
Password information: Use different passwords, or even better still, set up separate email accounts for your social networks. That way, if you stop your account, you can easily delete the email account too. Be mindful of where you are sending your updates and the types of security questions you set.
Signing in: Check your browser settings on your computer so that your information is not stored for anyone else to see if you are on a shared computer.
Watch out for phishing attacks: As Twitter gets more popular, the likelihood of phishing attacks grows. Be aware of attempts to get users to give up their login and passwords by tricking them with fake tweets and direct messages.
Being mobile: Be mindful about who might have access to your mobile phone. If you have a Twitter application, make sure you log out once you’re finished with it.
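The spoof log-in page described at the top of this article, and the advice on links and phishing in the list above, come down to one check: does the link's real host match the service you mean to sign in to? The Python sketch below is an added example, not part of the AVG guidelines or the original article; the trusted-host set and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only hosts accepted as a genuine Twitter log-in.
TRUSTED_LOGIN_HOSTS = {"twitter.com", "www.twitter.com"}


def classify_login_link(url):
    """Return (verdict, reason) for a link that claims to open a Twitter log-in page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("reject", "malformed URL")
    if parts.scheme != "https":
        return ("reject", "not HTTPS")
    if parts.username is not None or parts.password is not None:
        # https://twitter.com@other.example/ really goes to other.example
        return ("reject", "text before '@' hides the real host")
    if not host.isascii() or "xn--" in host:
        return ("reject", "internationalised host, possible lookalike characters")
    if host in TRUSTED_LOGIN_HOSTS:
        return ("accept", "host exactly matches a trusted log-in host")
    if "twitter" in host:
        return ("reject", "lookalike host that only mentions twitter")
    return ("reject", "different host; a short link must be expanded first")


# Constructed sample links (reserved .example names, not real indicators).
SAMPLES = [
    "https://twitter.com/login",
    "http://twitter.com/login",
    "https://twitter.com.session-check.example/login",
    "https://twitter.com@login.example/session",
    "https://short.example/aB3xYz",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reason = classify_login_link(link)
        print(f"{verdict:6}  {link}  ({reason})")
```

A shortened link is rejected here because its destination is unknown until it has been expanded; the check has to be run again on the final address.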