October 17, 2011

Twitter Phishing Scam: “So I guess there’s a bad blog going around about you, seen it?”

There is a new scam being sent around on Twitter, very similar to a phishing scam written about in July by NakedSecurity.  It all starts when you receive a Direct Message from a friend letting you know that a ‘bad blog’ has been published about you, along with a link that urges you to check it out.

If you click on the link, you are taken to a page that looks almost identical to the Twitter homepage.  However, the URL of this webpage is twittler.com instead of twitter.com, a difference that is even harder to spot on a mobile device, where URLs are displayed so small.  If you mistake this fake page for the actual login screen and enter your login information, the people behind the phishing scam now have access to your account and can continue sending the scam to all of your Twitter contacts.
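A one-letter difference like twittler.com versus twitter.com is easy for a person to miss but easy for a program to measure. The following is an added example, not part of the original post: it flags link hostnames that sit within a small edit distance of a domain you trust. The trusted list, the distance threshold and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user really logs in to (constructed allowlist).
TRUSTED = {"twitter.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]

def site_of(url: str) -> str:
    """Lower-cased last two labels of the link's hostname.

    Assumption: two labels are enough here; real tooling would consult
    the Public Suffix List to handle suffixes such as .co.uk.
    """
    if "//" not in url:          # bare "twittler.com/login" has no scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a link."""
    site = site_of(url)
    if site in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if edit_distance(site, good) <= max_distance:
            return "lookalike:" + good
    return "unknown"

# Constructed sample links, as they might appear in a Direct Message.
SAMPLES = [
    "https://mobile.twitter.com/session",
    "http://twittler.com/login",
    "https://example.org/blog",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):24} {link}")
```

A hostname that is close to a trusted one without matching it exactly is the signal; an "unknown" result only means the name resembles nothing on the list, not that the link is safe.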

Many people are understandably worried after receiving a message that suggests there is a negative blog post written about them, and have fallen victim to this scam.  If you were tricked, don’t worry, you aren’t alone. Here is what to do:

  • Change your Twitter password immediately. If you use that password for other accounts, change it there too, and moving forward, don’t use the same login for two different accounts.
  • Let all of your followers know about the scam and tell them not to click on any links from you.
  • Visit the Twitter Help Center for more tips.

Some useful tips to stay safe in the future:

  • Don’t click on a link if something looks fishy. (Tiny URLs are great to use on Twitter but you don’t always know where the link will lead you.  A simple tool like LinkPeelr will help you get to the real destination of the link, and you can decide whether or not that destination is safe.)
  • Use a strong password, and don’t use the same password for multiple websites.
  • Follow Twitter’s @Spam and @Safety accounts for timely information on new scams.
  • Download a security app like Lookout that reviews every link you click to make sure it’s safe.