Over the last couple of days I’ve gotten at least 10 Direct Messages from Twitter friends – most of which are pretty well versed in modern web technologies and even one that calls herself a “social media expert”. The messages are all the same, the text “This you???” followed by a shortened link. The link takes you to a web page that looks a lot like the Twitter.com login page but when you log in your password is stored and passed on to evil people with eviler intentions yet to be unveiled.
Targeting (and hooking in) the pros
Twitter phishing attacks are nothing new but this one is a bit different – and all the more disturbing for it: It targets and manages to hook in Twitter power users more than any other exploit before it. This is done by taking advantage of the fact that most heavy Twitter users don’t actually use the regular Twitter.com page but rather a Twitter manager like TweetDeck or HootSuite. And whereas a person just using Twitter.com would immediately know something was up when they were redirected to the login page even though they were already logged in, a TweetDeck or HootSuite user would probably not be logged in and could potentially enter their information in a momentary lapse of reason.
Another thing that is disturbing about this particular attack is that unlike most other attacks which immediately start spamming people with badly disguised ads for teeth whitening, weight loss or other affiliate marketing junk, this one – at least for now – is only out to perpetuate itself, sending out the same message over and over. This means there is probably some larger plan in progress, and so far we don’t know what that plan is.
Even more disturbing, a lot of people use the same password for many things including their social media networks like Twitter, Facebook, YouTube, MySpace and whatever other timewaster fits their fancy. That means if someone gets a hold of their Twitter password they are likely to also have access to their other accounts, not to mention Gmail or Hotmail accounts!
How to avoid being phished (and what to do if you are a victim)
Twitter.com’s help has a comprehensive breakdown of how to reset your password, sever connections and get your account back if you are the victim of a phishing attack or your account has been hacked. If you think your account has been compromised it is paramount that you follow these steps immediately to protect your online identity. That link again is here.
Here are a few simple steps to avoid becoming a victim of a Twitter hijacking:
- Have a complicated password. If you can’t think of one, here are a few ideas: Do like Mulder from The X-Files and swap out words with numbers. His password was “trustno1”, where the word “one” was exchanged for the number 1. Do like my friend Craig and show your support for a sports team. He’s a big fan of the Vancouver Canucks and hates the Toronto Maple Leafs. His password is “canucks>leafs”, i.e., Canucks bigger than Leafs.
- Change your password regularly. By “regularly” I mean every 6 months or so.
- If anything unusual happens, change your password immediately.
- Don’t use the same password for everything. That may sound like a lot of work but I use an algorithm based on the site name that changes the first and last character of my password so it’s not that hard.
- Don’t give your password away.
- Check the URL in the address bar before you enter your password. If it doesn’t say Twitter.com but something else, it’s not Twitter.com.
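The last step above is the one that defeats this attack outright, and it is easy to get wrong by eye: a lookalike address can put “twitter.com” in the path, in a longer host name, or in front of an @ sign. The following is an added example (not code from the original post) that applies the same check programmatically to a handful of constructed sample URLs, treating only https://twitter.com and its subdomains as the real thing; the URLs ending in “.example” are invented for illustration.

```python
from typing import Tuple
from urllib.parse import urlsplit

LEGIT_DOMAIN = "twitter.com"


def check_login_url(url: str) -> Tuple[bool, str]:
    """Return (ok, reason) for whether `url` really points at the legitimate login host."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    # A login page that is not served over TLS is not the real one.
    if parts.scheme.lower() != "https":
        return False, f"scheme is {parts.scheme or 'missing'!r}, not https"
    host = parts.hostname  # lowercased; excludes any user:pass@ prefix and the port
    if not host:
        return False, "no host in URL"
    # "https://twitter.com@evil.example/" shows twitter.com first, but the real host is evil.example.
    if parts.username is not None:
        return False, f"URL has text before an @ sign; the real host is {host!r}"
    # Non-ASCII look-alike letters (IDN homographs) survive a visual check; punycode does not.
    try:
        host_ascii = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False, f"host {host!r} is not a valid internationalised domain name"
    if host_ascii != host:
        return False, f"host {host!r} uses non-ASCII characters (punycode {host_ascii!r})"
    host_ascii = host_ascii.rstrip(".")
    # Exact match or a genuine subdomain; "twitter.com.evil.example" fails this test.
    if host_ascii == LEGIT_DOMAIN or host_ascii.endswith("." + LEGIT_DOMAIN):
        return True, f"host {host_ascii!r} is {LEGIT_DOMAIN} or one of its subdomains"
    return False, f"host is {host_ascii!r}, not {LEGIT_DOMAIN}"


# Constructed sample URLs: one genuine login page and several lookalikes.
SAMPLE_URLS = [
    "https://twitter.com/login",
    "https://www.twitter.com/login",
    "https://twitter.com.evil.example/login",
    "https://evil.example/twitter.com/login",
    "https://twitter.com@evil.example/login",
    "http://twitter.com/login",
    "https://twіtter.com/login",  # Cyrillic і (U+0456) instead of Latin i
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        ok, reason = check_login_url(sample)
        print(f"{'OK  ' if ok else 'FAKE'} {sample}  ({reason})")
```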
2 replies on “This you??? Anatomy of a Twitter Phishing Attack”
Hey, that was definitely an interesting read. I had actually been searching for a photo printing related blog for a while now. Great! Is there a way to subscribe? because I can’t seem to find the information anywhere.
[…] accordingly). He’s also active in social media, so you’ll want to read his guide on Twitter phishing scams and how you can avoid being a victim of […]