Recently there has been an onslaught of Twitter Phishing scams that has been causing problems for users of the popular social network. Phishing is basically when an evil doer tries to obtain usernames, passwords, or other secret information from a social network user. In the case of with Twitter, the phisher sends a private message to users that requires them to act on a link – asking them to enter information related to their Twitter username and password into a landing page purportedly to get some information about the link. The link is often a vanity link or “Is this photo of you?” or perhaps, “Is this blog post about you?”. They appear to be from trusted friends in the network and many of us – yes, I too, have scammed in a phishing incident – click through, offer up our user name and password to a Twitter-appearing site, and wait for the link. When nothing happens, we come to the conclusion it must be a bad link, or it might have been a wrong user name and password, or many other variations. In the meantime, you have just turned over your password and user name to the Phishing scammer and that person now has access to prey upon your network.
If you have been subject to this type of scam, it is important that you immediately change your password and log out of your system. This will not instantly put a stop to the scammer as they probably have back end access to your account, but it will prevent them from being able to log in again in the future. I try to make it my practice to log in and change my passwords on my system every week. In some cases when there is a large amount of phishing going on, I will change my password daily.
The best practice when using a social network, is to never give your information of a user and password unless you know for certain that the URL you have logged into is the trusted URL. If a landing page asks for your Twitter user name and password, leave the site immediately and run, don’t walk, to change your password. New applications are coming out everyday and many of them ask for you to use your Twitter or Facebook logins to join their networks. If you have to manually type those into the system, it usually means that it is not accessing the secure already-logged-into systems of Twitter or Facebook. Again, leave immediately and change your password.
If something smells fishy, or in this case “phishy”, be careful. You can’t be sure what might happen if your user name and your password end up in the wrong hands.
Related Posts
Tags: phishing, phishing schemes, scammers, social media, social networks, Twitter
