OT Phishing Scam via Twitter

By Claude Almansi
Editor, Accessibility Issues

There is a phishing scam going round via Twitter direct messages sent from already compromised accounts. The message says something like “Is this (from) you?”, followed by an apparently legit link, but which redirects to a scam page that asks you to log into your Twitter account.

If you do, the phisher can in turn use your account to send the same message to all your contacts. And so on. The problem is that the phisher can also use your account to send other messages, like: “I’ve been robbed while I was in X on holiday, can you send me some money I’ll repay as soon as I get home”, for instance.

So, just as with e-mail phishing scams, the best defence is not to click on the link. If you have clicked, do not enter your account data unless you are rock-sure the request is from Twitter. And if you have entered your account data, change your password as fast as possible and warn your contacts about the scam.
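The scam described above works because the link looks legitimate while its real destination is not. As an added example (not part of the original post, and not Twitter's or twitterfeed's code), here is a small Python check that flags links whose visible text names one host while the href actually points to another, which is exactly the "compare the address shown with the address you land on" habit the post recommends. It uses only the standard library; the HTML snippet and the hostnames in it are constructed for illustration.

```python
"""Flag links whose visible text claims one site but whose href goes elsewhere.

Added example, not from the original post. Standard library only.
The HTML below is a constructed sample, not a real message.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


def host_of(url: str) -> str:
    """Return the lowercase host of a URL, or '' if it has none.

    Link text is often a bare 'twitter.com/...' without a scheme, so one
    is prepended when missing (an assumption about how text is written).
    """
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def same_site(a: str, b: str) -> bool:
    """Treat 'www.example.org' and 'example.org' as the same site (assumption)."""
    def strip_www(h: str) -> str:
        return h[4:] if h.startswith("www.") else h
    return strip_www(a) == strip_www(b)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def suspicious_links(html: str) -> list:
    """Return (text, href, reason) for every link whose shown host != real host.

    Only link text that looks like an address (contains a dot, no spaces)
    is compared; 'Click here' style text carries no claim to check.
    """
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        shown = host_of(text) if ("." in text and " " not in text) else ""
        actual = host_of(href)
        if shown and actual and not same_site(shown, actual):
            findings.append((text, href, f"text shows {shown} but link goes to {actual}"))
    return findings


# Constructed sample: one lookalike link, one honest link, one neutral link.
SAMPLE = """
<p>Is this you? <a href="http://login.example-redirect.test/t">twitter.com/account</a></p>
<p>Newsletter: <a href="https://www.example.org/news">example.org/news</a></p>
<p><a href="https://example.org/x">Click here</a></p>
"""

if __name__ == "__main__":
    for text, href, reason in suspicious_links(SAMPLE):
        print(f"SUSPICIOUS: '{text}' -> {href} ({reason})")
```

Only the first link in the sample is reported: its text claims twitter.com while the href leads to a different host. The second passes because www.example.org and example.org are treated as one site, and the third is skipped because "Click here" makes no claim about a destination. A mail or chat client that already shows the real target on hover gives you the same information; this script just makes the comparison explicit.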


That’s what I am doing with this post, because I got caught too. I realized it a few seconds later and changed the password for the ETCjournal twitter account immediately. Although no direct messages were apparently sent from that account during these few seconds before I did, it seems safer to send this warning.

In general: the tweets from the ETCjournal twitter account are automatically generated from its two feeds, Entries RSS and Comments RSS, via twitterfeed. So any tweet from ETCjournal that does not bear the mention “from twitterfeed” should be considered a priori suspect.

6 Responses

  1. I’ve just received a phishing scam from Google Adwords. My wife received one from our bank. Phishing seems to be growing exponentially.

    Here are my own personal rules for email.
    1. Don’t click on email links.
    2. If you do click on a link, compare the actual address of the site with the purported address in the email.
    3. Don’t put any personal information, especially passwords, tax ids, etc., in forms unless you have entered the URL yourself.
    4. Be paranoid about the Internet.

  2. Claude, thanks for being so alert!

  3. Not all that alert, Jim, considering I clicked the link, entered our twitter account’s ID, and only realized afterwards what I had done and changed the password. Had it been a normal e-mail, I would have smelled a rat immediately. But these new social networks still baffle me enough to catch me off guard.

  4. Claude, it seems whenever we take a collective step forward, the “criminals” take two. LOL! If only they’d put their minds to good.

    • Well, maybe they don’t put their minds to good, but this kind of intellectual race is positive, because it keeps people alert. What’s far duller is countries – under the pressure of content industries – passing laws hallowing “anti-piracy” tech measures that don’t work, can’t work, but limit normal people’s rights. First with DRM, now with spying and tracking downloads of copyrighted works in p2p networks.

      Take the presumable part about “3 strikes” repression in the Internet chapter of the Anti-Counterfeiting Trade Agreement (ACTA) that is being secretly elaborated, but about which there are – artfully contrived? – leaks (1). Its outrageousness might be a poker bluff (2), but civil rights advocates can’t just bet that it is, so they have to dedicate heaps of time and energy raising a ruckus about it…

      (1) See Michael Geist’s ACTA-tagged posts.

      (2) The bluff hypothesis is suggested, for instance, by AngryAussie in TFU Friday – ACTA means the death of the Internet, from ca 5:55.

