homepage Welcome to WebmasterWorld Guest from 54.224.202.109
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
Twitter Warning of Account Phishing
engine




msg:3819665
 6:22 pm on Jan 5, 2009 (gmt 0)

The Twitter blog reports of account phishing attempts.

link [blog.twitter.com]
If you receive a direct message or a direct message email notification that redirects to what looks like Twitter.comódon't sign in. Look closely at the URL because it could be a scam.We've identified a phishing scam directed at Twitter users and we don't want you to get tricked into giving your password to a scammer.

This particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email says something like, "hey! check out this funny blog about you..." and provides a link. That link redirects to a site masquerading as the Twitter front page. Look closely at the URL field, if it has another domain besides Twitter but looks exactly like our page then it's a fraud and you should not sign in.


 

skipfactor




msg:3819671
 6:33 pm on Jan 5, 2009 (gmt 0)

CNN anchor Rick Sanchez gets phished:

"i am high on crack right now might not be coming into work today"

[news.cnet.com...]

pageoneresults




msg:3819683
 6:47 pm on Jan 5, 2009 (gmt 0)

It appears that quite a few big names got hacked with Fox News and Britney Spears in the mix.

I'd expect to see much more of this moving forward. The way people share their usernames/passwords with third party services is pretty alarming. The article even makes mention of it...

And because there are so many third-party applications based on Twitter's application program interface (API), tons of avid users are used to throwing their Twitter passwords around left and right. That is, it goes without saying, probably not the safest habit to get into.

Reputation Management

nealrodriguez




msg:3819684
 6:50 pm on Jan 5, 2009 (gmt 0)

it's the paypal plague; bill o riley came out of the closet: [farm4.static.flickr.com...]

Commerce




msg:3819700
 7:19 pm on Jan 5, 2009 (gmt 0)

While this kind of news may give some of us a laugh, there is a more serious issue of infrastructure design that this news really underscores.

Too many of these sites are not paying attention to basic security concepts. A failure to really do things that are obvious like maintaining some form of educational programs for users to help them understand the nature of the "Bad Guys" and how to avoid identity theft are lacking at major sites. If a top CNN anchor can fall for this kind of nonsense, certainly "joe 6 pack" does not have much of a chance. Our job as webmasters is partially to help folks understand how to secure themselves because it goes to our own best interest to keep trust and security online high on our priority lists.

Perhaps sites will learn the benefits of using such basics as encryption keys to help users authenticate themselves. While that may not help in cases where a user's machine has already become a compromised zombie like its owner, for the slightly more alert, it could present a vehicle to idenfity and secure users.

Of course, with "trusted" certificate issuers still working from MD5 algos rather than SHA for their "secure" certs, even core infrastructure companies need to pay better attention. But *that* is a whole other story.

-Commerce

JS_Harris




msg:3819740
 8:35 pm on Jan 5, 2009 (gmt 0)

I suggest those who get hacked keep a close eye on their spam email folders for emails originating from their own websites. It's not so much the twitter accounts and ability to send twitter messages some people want to hack, they'd much prefer sending out spammy emails that appear to be from you. Getting into your twitter account is just an added bonus but they are checking to see if that infor gets them into juicier places too.

[edited by: JS_Harris at 8:36 pm (utc) on Jan. 5, 2009]

incrediBILL




msg:3820046
 7:13 am on Jan 6, 2009 (gmt 0)

I'd suggest that people getting hacked and phished stop using email until they get educated on what's clickable and what's not clickable.

It's not that complicated, even my 76 yo mom knows better...

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved