homepage Welcome to WebmasterWorld Guest from 54.145.183.169
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
Twitter Warning of Account Phishing
engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



 
Msg#: 3819663 posted 6:22 pm on Jan 5, 2009 (gmt 0)

The Twitter blog reports of account phishing attempts.

link [blog.twitter.com]
If you receive a direct message or a direct message email notification that redirects to what looks like Twitter.comódon't sign in. Look closely at the URL because it could be a scam.We've identified a phishing scam directed at Twitter users and we don't want you to get tricked into giving your password to a scammer.

This particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email says something like, "hey! check out this funny blog about you..." and provides a link. That link redirects to a site masquerading as the Twitter front page. Look closely at the URL field, if it has another domain besides Twitter but looks exactly like our page then it's a fraud and you should not sign in.


 

skipfactor

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3819663 posted 6:33 pm on Jan 5, 2009 (gmt 0)

CNN anchor Rick Sanchez gets phished:

"i am high on crack right now might not be coming into work today"

[news.cnet.com...]

pageoneresults

WebmasterWorld Senior Member pageoneresults us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3819663 posted 6:47 pm on Jan 5, 2009 (gmt 0)

It appears that quite a few big names got hacked with Fox News and Britney Spears in the mix.

I'd expect to see much more of this moving forward. The way people share their usernames/passwords with third party services is pretty alarming. The article even makes mention of it...

And because there are so many third-party applications based on Twitter's application program interface (API), tons of avid users are used to throwing their Twitter passwords around left and right. That is, it goes without saying, probably not the safest habit to get into.

Reputation Management

nealrodriguez

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3819663 posted 6:50 pm on Jan 5, 2009 (gmt 0)

it's the paypal plague; bill o riley came out of the closet: [farm4.static.flickr.com...]

Commerce

10+ Year Member



 
Msg#: 3819663 posted 7:19 pm on Jan 5, 2009 (gmt 0)

While this kind of news may give some of us a laugh, there is a more serious issue of infrastructure design that this news really underscores.

Too many of these sites are not paying attention to basic security concepts. A failure to really do things that are obvious like maintaining some form of educational programs for users to help them understand the nature of the "Bad Guys" and how to avoid identity theft are lacking at major sites. If a top CNN anchor can fall for this kind of nonsense, certainly "joe 6 pack" does not have much of a chance. Our job as webmasters is partially to help folks understand how to secure themselves because it goes to our own best interest to keep trust and security online high on our priority lists.

Perhaps sites will learn the benefits of using such basics as encryption keys to help users authenticate themselves. While that may not help in cases where a user's machine has already become a compromised zombie like its owner, for the slightly more alert, it could present a vehicle to idenfity and secure users.

Of course, with "trusted" certificate issuers still working from MD5 algos rather than SHA for their "secure" certs, even core infrastructure companies need to pay better attention. But *that* is a whole other story.

-Commerce

JS_Harris

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3819663 posted 8:35 pm on Jan 5, 2009 (gmt 0)

I suggest those who get hacked keep a close eye on their spam email folders for emails originating from their own websites. It's not so much the twitter accounts and ability to send twitter messages some people want to hack, they'd much prefer sending out spammy emails that appear to be from you. Getting into your twitter account is just an added bonus but they are checking to see if that infor gets them into juicier places too.

[edited by: JS_Harris at 8:36 pm (utc) on Jan. 5, 2009]

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3819663 posted 7:13 am on Jan 6, 2009 (gmt 0)

I'd suggest that people getting hacked and phished stop using email until they get educated on what's clickable and what's not clickable.

It's not that complicated, even my 76 yo mom knows better...

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved