The other week I got a ‘tweet’ from a new colleague. The update seemed harmless enough. It enthusiastically pointed me to a web site they thought was humorous. Suspecting nothing, I clicked on it. I thought it a bit odd when my browser opened to my Twitter account requesting that I log in, odd since I didn’t remember logging out. Then nothing appeared to happen.
Moments later, an update appeared from my account which was identical to the one my colleague sent. My stomach sank. I was Twitter scammed. (Yes, it does happen to IT folks from time to time!) I immediately logged in on a different machine and changed my password.
A number of updates were soon posted saying that it was a widespread attack. Within a few hours Twitter had cleaned up all these infected messages and reset those people’s passwords. The hacked accounts were used to tweet spam pushing diet supplements.
After getting over my embarrassment for falling for it (but hey, even a CNN anchor got his account hacked), I performed some forensics work on my colleague’s update. I used this experience to come up with a few tips on how to avoid getting caught up in a Twitter phishing scam:
- Check your address bar. Before entering your login, check the address bar. The May 2009 phishing attack redirected users to the fake Twitter site tvviter . com (notice the double “v” and single “t”, as seen on this screendump), which is no longer online. A great site to use to uncover phishing sites is PhishTank.
- While shortened URLs help keep updates under the 140 character limit, they also make it easy for someone to embed a fraudulent address into an update, since the shortened form gives no clue about where it leads. I like to use TweetDeck since it expands the shortened URLs in updates so they can be examined. To check where they lead, visit longurl.com or install the LongURLPlease plug-in, which lets you hover over a shortened link and see the full URL before you click.
- If you have gotten caught up in a phishing scam, you should change your password immediately. If that password is used for other sites, you may wish to change those as well.
- Delete the infected messages from your Twitter feed and from wherever else they were syndicated.
Twittersblogs is Another Twitter Phishing Scam. On June 29th, hundreds of tweets went out with the message “omg!! is it true what they wrote about you in their twit blog?” linking to a subdomain of the site twittersblogs.com.