Internet and online security professionals deal with hacking and cracking activity on a daily basis. With new technologies emerging every day, new security challenges arise and new vulnerabilities appear that allow black hat hackers to create and execute new scripts that can cause serious problems for whole networks. Our mission is to let you know about the latest scams and to warn you about new exploits that can have a severe impact on your online business.
11th November 2009

Twitter Hacking Goes to the Next Level…

During this year we’ve seen many phishing scams that were pretty simple. In essence, Twitter users were asked to go to a certain URL (usually to watch some funny video or download a digital “gift”), and on that page they saw something similar to the Twitter login screen. So they assumed they had to log in to “Twitter” in order to watch the video.

Of course, this “Twitter login page” was nothing more than a page mirroring the actual Twitter login page, and its whole purpose was to gather the usernames and passwords provided by unsuspecting Twitter users…
The perpetrators then used those accounts to tweet the same URL (and other malicious links containing trojans and viruses) to other Twitter users.

Now hackers have changed their tactics. Sure, the “Twitter mirror” is very “productive”, so it’s not going anywhere; hackers will continue to use it. But instead of sending tweets from the compromised accounts, they now send direct messages.

If you think about it, it’s much more effective for hackers, and much more dangerous for average twitter users.

If a Twitter user sees a few messages posted on her/his account that s/he didn’t write, s/he will quickly realize that the account is compromised, and will change the password. Then the game is over.

With direct messages, on the other hand, it’s quite another story. How many people actually check their outgoing DMs within their Twitter account? Exactly. Only a few. People look at the incoming DMs, because those are the messages from their friends. But they probably haven’t looked at their outgoing DMs even once since they set up an automatic welcome message.

So the chances that average Twitter users will notice abnormal DM activity in their accounts are minimal…

If you’re reading this post, and you’re an avid Twitter user, please go and check your DMs right now. And if you see suspicious activity, change your Twitter username/password ASAP.
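
The check of outgoing DMs can be scripted once you have a list of your sent messages. The following is an added example, not part of the original post: it assumes the sent DMs are already available as (timestamp, recipient, text) records, and the sample data, the `find_dm_bursts` name and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://[^\s]+", re.IGNORECASE)

# Constructed sample of outgoing DMs: (sent_at, recipient, text). Not real data.
SAMPLE_SENT_DMS = [
    ("2009-11-02 09:15:00", "alice", "Thanks for following! My blog: http://myblog.example/"),
    ("2009-11-10 03:02:11", "bob", "lol is this you in this video? http://video-gift.example/watch"),
    ("2009-11-10 03:02:14", "carol", "lol is this you in this video? http://video-gift.example/watch"),
    ("2009-11-10 03:02:19", "dave", "lol is this you in this video? http://video-gift.example/watch"),
    ("2009-11-10 03:02:25", "erin", "lol is this you in this video? http://video-gift.example/watch"),
    ("2009-11-10 18:40:00", "alice", "See you at lunch tomorrow"),
]


def find_dm_bursts(sent_dms, known_urls=(), min_recipients=3,
                   window=timedelta(minutes=10)):
    """Return {url: sorted recipients} for links sent to many people in a short window.

    known_urls holds links you send on purpose (e.g. in an automatic welcome DM).
    """
    by_url = defaultdict(list)
    for sent_at, recipient, text in sent_dms:
        when = datetime.strptime(sent_at, "%Y-%m-%d %H:%M:%S")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,)!?")  # drop trailing punctuation from prose
            if url not in known_urls:
                by_url[url].append((when, recipient))

    flagged = {}
    for url, hits in by_url.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            recipients = {r for _, r in hits[start:end + 1]}
            if len(recipients) >= min_recipients:
                flagged.setdefault(url, set()).update(recipients)
    return {url: sorted(r) for url, r in flagged.items()}


if __name__ == "__main__":
    for url, recipients in find_dm_bursts(SAMPLE_SENT_DMS).items():
        print(f"Review: {url} was sent to {len(recipients)} people: {recipients}")
```

A link you never sent yourself showing up here is the sign to change the password, and to tell the listed recipients not to log in on the page it leads to.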

Posted in Identity Theft, Main, Online Business Security, Online Privacy