|Twitter Warns News Organizations Of More Phishing Attempts|
| 1:30 pm on Apr 30, 2013 (gmt 0)|
The phishers are getting more sophishticated (sic) and i've seen some good ones come through. They are targeting big and small services in the hope that they discover usernames and passwords, allowing them to log in elsewhere.
|On Monday, Twitter sent a memo to major media and news outlets about the threat — if they hadn't known already or at least reported on some of them — and noted that it believed these "attacks will continue." |
|Twitter acknowledged that the "incidents" appear to be "spear phishing attacks that target your corporate email," that appear to be legitimate emails and are often sent directly to the account holder. |
The memo also noted: "Don't use this computer to read email or surf the web, to reduce the chances of malware infection," and to "minimize the number of people that have access" to accounts to prevent human error.Twitter Warns News Organizations Of More Phishing Attempts [zdnet.com]
AP Twitter Account Phishing, Fake Tweet Falsely Described White House Explosions [webmasterworld.com]
| 3:19 pm on Apr 30, 2013 (gmt 0)|
Twitter should do something about their security, it's ridiculous.
I once had a big customer that had their CC's stolen off their site, several times, and that server was hardened to the max. We even got the FBI involved if I remember correctly and nobody could ever figure it out as it was NOT coming from any unknown source, only the client IPs ever accessed the CCs. Couple of years later some hacker in Canada got busted and I later learned that he had a trojan on a machine inside their office and was tunneling in via their IP address which is why we couldn't catch anyone doing anything unusual.
They thought they had a hardened corporate firewall too, guess not!
I knew it wasn't our server at fau
So the idea of a single clean machine that is only used to access critical data, or a twitter account, is not a bad idea if you're a big company like AP.
| 4:18 pm on Apr 30, 2013 (gmt 0)|
Human error is the major part of the problem, here. I keep banging the drum to my friends and colleagues over phishing.
Twitter is working on two-stage authentication, but it can't happen soon enough, imho.
| 5:36 pm on Apr 30, 2013 (gmt 0)|
Phishing only works on the naive.
Don't click stuff even if you know the sender thanks to Facebook breaches I get phishing attempts from my daughter and her machine is clean, it's just her name on some other email address. You must check everything before trusting it and even then it's not safe.
Check the link before you click it, make sure it's real.
When checking it's still hard to always tell even then as I've seen phishers add subdomains to sites and you see things like "ebay.com.example.com/youreabouttobescrewed.html" which would easily confuse those that don't know what a subdomain is and CLICK!