With Twitter expected to top 18 million users by the end of this year, users of this widely used social media tool are seeing first-hand the ugly side of the popular platform. Another Twitter phishing scam reared its head this week, aggressively sending out direct message (DM) spam that tries to lure unsuspecting users into clicking links that lead to malicious Web pages. Who is most susceptible to this phishing scam? It is believed to be users who sign up for applications that promise a large number of followers: signing up for such a service also causes you to automatically follow everyone who now follows you.
What does this mean? When you follow someone on Twitter, you open the door for that person to send DMs to you. You will then start receiving spam DMs from people you do not know and, more importantly, people you cannot necessarily trust. In the most recent scam, these spam DMs contain a URL that, when clicked, sends users to a very convincing but fake Twitter login page designed to steal your Twitter login credentials. Historically, Twitter spam DMs have contained URLs that sent users to malware-laden websites associated with the Koobface virus.
To avoid this type of scam, here are some general rules and recommendations to help reduce the risk of getting phished or exposed to malware on Twitter:
1. Cancel your subscription to the “Twitter User Follower Service.”
2. Know each of your followers. Think in terms of the quality of your network, not sheer numbers. Trim the list of people you follow to those who offer useful content you are truly interested in.
3. Before you click on any suspicious-looking link, check who sent it and what it claims to be. Ask your community of trusted contacts whether the link is valid. In this incident, the malicious links came even from trusted followers.
4. Use a filtering service such as TrueTwit to verify followers before you follow them back.
5. Watch out for DMs with odd messages such as “haha, that u on here” or “I make $300 a day,” or with strange video links.
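As an added illustration of the last two recommendations (this is example code written for this page, not code from the original post or from Twitter), the following Python script scores direct messages against the warning signs described above: the bait phrases, links that leave the platform, and look-alike "twitter" hostnames that point at a fake login page. The sample messages, the hostnames and the point values are all constructed for the example; `t.co` is included as a legitimate host because it is Twitter's own link shortener.

```python
import re
from urllib.parse import urlparse

# Constructed sample DMs for this example; they are not real messages quoted
# by the post, only the kinds of bait text and links it describes.
SAMPLE_DMS = [
    "haha, that u on here http://twitter-login.example/verify",
    "I make $300 a day working from home http://example.net/earn",
    "lol check out this video http://example.org/video?id=1",
    "Thanks for the follow! Our talk slides: https://example.com/slides",
    "Please re-login at https://twitter.com/login",
]

# Hosts treated as the real platform; anything else is "off-platform".
LEGIT_TWITTER_HOSTS = {"twitter.com", "www.twitter.com", "t.co"}

# Bait phrases the post calls out, as lowercase regexes, plus generic video bait.
BAIT_PHRASES = [
    r"\bthat u on here\b",
    r"\bi make \$\d+ a day\b",
    r"\bvideo\b",
]

# Words that suggest a credential-harvesting page when they appear in a link
# pointing somewhere other than the real platform.
CREDENTIAL_WORDS = ("login", "signin", "verify", "password")

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def lookalike_twitter_host(host):
    """True for hosts that contain 'twitter' but are not an official Twitter host."""
    host = host.lower()
    return "twitter" in host and host not in LEGIT_TWITTER_HOSTS


def analyze_dm(text):
    """Return a score and the reasons behind it. A score of 3 or more is suspicious."""
    score = 0
    reasons = []
    lower = text.lower()
    for pattern in BAIT_PHRASES:
        if re.search(pattern, lower):
            score += 2
            reasons.append("bait phrase matches " + pattern)
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in LEGIT_TWITTER_HOSTS:
            continue  # a link to the real platform earns no points on its own
        if lookalike_twitter_host(host):
            score += 3
            reasons.append("lookalike Twitter host " + host)
        else:
            score += 1
            reasons.append("off-platform link to " + host)
        if any(word in url.lower() for word in CREDENTIAL_WORDS):
            score += 2
            reasons.append("credential-related wording in off-platform link")
    return {"score": score, "suspicious": score >= 3, "reasons": reasons}


def triage(dms):
    """Return (dm, analysis) pairs for the DMs that score as suspicious."""
    flagged = []
    for dm in dms:
        result = analyze_dm(dm)
        if result["suspicious"]:
            flagged.append((dm, result))
    return flagged


if __name__ == "__main__":
    for dm, result in triage(SAMPLE_DMS):
        print(f"[score {result['score']}] {dm}")
        for reason in result["reasons"]:
            print("   -", reason)
```

The point values are deliberately simple: a look-alike host alone is enough to flag a message, while an ordinary off-platform link needs a bait phrase or credential wording alongside it before it is flagged, which keeps a harmless "here are my slides" DM below the threshold.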
As usual, the best way to avoid this scam is not to visit the link at all, and never to enter your Twitter username and password on a site that looks suspicious. If you suspect you have been duped or that a bot has taken over your account, change your password immediately so that your account does not keep sending malicious links to other members of your community.
Even if you clean up your Twitter subscription lists, it only takes one person you follow who belongs to a “follower service” to potentially cause a bogus DM to be sent to your Twitter account.
For businesses that allow Twitter in the corporate work environment, set strict rules and policies. Educate your employees on the security risks these social networking applications can introduce, and provide guidance and best practices on using them without compromising information. As these applications continue to grow in adoption and popularity, we will continue to see more of these phishing scams. Phishing scams within social networks take advantage of the inherent trust we as users tend to place in our connections. Hence, it is not necessarily a technical issue. It is up to users to educate themselves on the risks and navigate the world of social media intelligently.
Putting a policy in place helps organizations better understand the security implications and risks of social media applications, and how to handle them effectively and efficiently.