One of my editors was surprised to find out that he’d tweeted something about pop singer Avril Lavigne. While he no doubt appreciates Ms. Lavigne’s catchy songs, he saves his Twitter account for business-related commentary and never sent out that message. So what’s going on here?
It appears that he’s one of a growing number of people whose Twitter accounts have been hijacked. Why would someone bother? Money. Your Twitter account, says Graham Cluley of the Sophos security consultancy, is worth money … to others.
“Cybercriminals are keen to compromise your Twitter account, so they can spam out messages [either as public tweets, or less obvious direct messages to your online friends] in the hope that some recipients will click on the links,” he blogged recently. “What lies at the end of the links can vary. It might be a web page offering you a new wonder diet, or a pornographic website, or a link to a download designed to infect your computer.”
Common poisoned tweets may claim to have found a funny picture of you, say that you look like you’ve lost weight, or that there’s a horrible blog going around about you.
If you see one of those, delete it, and if you want to be an upstanding netizen, report it to the real owner of the account.
One way these attacks are engineered is by taking the recipient of a tweet to a page that looks a lot like the Twitter log-in page. But it isn’t. If you’re not paying attention you’ll log in again, only this time your information will be harvested by a bot, and your account is no longer controlled by you.
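The look-alike log-in page described above can be caught by checking where a link really points before any password is typed. The following is an added example, not part of the original article; the trusted-domain list, the function name and every sample URL are assumptions constructed for illustration.

```javascript
// Added example: decide whether a link from a tweet or direct message really
// leads to the genuine log-in site. Names and sample URLs are constructed.
const TRUSTED_LOGIN_DOMAINS = ["twitter.com"]; // assumption: the only domain accepted

function classifyLoginLink(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { verdict: "reject", reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: "log-in page is not served over HTTPS" };
  }
  if (url.username || url.password) {
    // Text before an "@" is credentials, not the site; the real host comes after it.
    return { verdict: "reject", reason: "text before '@' hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    // The URL parser converts non-ASCII look-alike letters to punycode labels.
    return { verdict: "reject", reason: "non-ASCII look-alike characters in host" };
  }
  // Genuine only if the host IS the trusted domain or a subdomain of it.
  const genuine = TRUSTED_LOGIN_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  if (genuine) {
    return { verdict: "ok", reason: "host belongs to a trusted domain" };
  }
  // A brand name elsewhere in the host is the classic look-alike pattern.
  const mentionsBrand = TRUSTED_LOGIN_DOMAINS.some((d) =>
    host.includes(d.split(".")[0])
  );
  return {
    verdict: "reject",
    reason: mentionsBrand
      ? "brand name appears in host but the domain is not the real one"
      : "unrelated domain",
  };
}

// Constructed samples: one genuine link and one look-alike.
console.log(classifyLoginLink("https://mobile.twitter.com/session/new"));
console.log(classifyLoginLink("https://twitter.com.login-check.example/session"));
```

The deciding comparison is on the end of the host name, not on whether the word "twitter" appears somewhere in the address.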
Once you notice that your account is spewing out junk, change your password immediately.
Twitter, of course, isn’t the only social networking technology that has attracted the attention of hackers and spammers. Facebook accounts are frequent targets these days, with attacks disguised as things like notices of lottery winnings in a contest you never entered.
Sure, most of us are way too savvy to believe that $1 million is about to fall out of the sky, but because the scam is so prevalent, it’s fairly clear that people are falling for it. I assume that you won’t, but since Facebook is such a frequent target, it’s worth being very careful about Facebook messages that come from unfamiliar email addresses.
Lately, I’ve noticed that I keep getting notifications that I’ve missed Facebook updates. But once I look at the email address it’s obvious that the message is a fake and it’s really a phishing attack. Watch out.