Welcome to WebmasterWorld Guest from

Forum Moderators: rogerd

Message Too Old, No Replies

Twitter Warning of Account Phishing

6:22 pm on Jan 5, 2009 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
votes: 578

The Twitter blog reports of account phishing attempts.

link [blog.twitter.com]

If you receive a direct message or a direct message email notification that redirects to what looks like Twitter.comódon't sign in. Look closely at the URL because it could be a scam.We've identified a phishing scam directed at Twitter users and we don't want you to get tricked into giving your password to a scammer.

This particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email says something like, "hey! check out this funny blog about you..." and provides a link. That link redirects to a site masquerading as the Twitter front page. Look closely at the URL field, if it has another domain besides Twitter but looks exactly like our page then it's a fraud and you should not sign in.

6:33 pm on Jan 5, 2009 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 22, 2003
votes: 0

CNN anchor Rick Sanchez gets phished:

"i am high on crack right now might not be coming into work today"


6:47 pm on Jan 5, 2009 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 27, 2001
posts: 12172
votes: 61

It appears that quite a few big names got hacked with Fox News and Britney Spears in the mix.

I'd expect to see much more of this moving forward. The way people share their usernames/passwords with third party services is pretty alarming. The article even makes mention of it...

And because there are so many third-party applications based on Twitter's application program interface (API), tons of avid users are used to throwing their Twitter passwords around left and right. That is, it goes without saying, probably not the safest habit to get into.

Reputation Management

6:50 pm on Jan 5, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Mar 20, 2008
votes: 0

it's the paypal plague; bill o riley came out of the closet: [farm4.static.flickr.com...]
7:19 pm on Jan 5, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 24, 2003
votes: 0

While this kind of news may give some of us a laugh, there is a more serious issue of infrastructure design that this news really underscores.

Too many of these sites are not paying attention to basic security concepts. A failure to really do things that are obvious like maintaining some form of educational programs for users to help them understand the nature of the "Bad Guys" and how to avoid identity theft are lacking at major sites. If a top CNN anchor can fall for this kind of nonsense, certainly "joe 6 pack" does not have much of a chance. Our job as webmasters is partially to help folks understand how to secure themselves because it goes to our own best interest to keep trust and security online high on our priority lists.

Perhaps sites will learn the benefits of using such basics as encryption keys to help users authenticate themselves. While that may not help in cases where a user's machine has already become a compromised zombie like its owner, for the slightly more alert, it could present a vehicle to idenfity and secure users.

Of course, with "trusted" certificate issuers still working from MD5 algos rather than SHA for their "secure" certs, even core infrastructure companies need to pay better attention. But *that* is a whole other story.


8:35 pm on Jan 5, 2009 (gmt 0)

Senior Member

joined:July 29, 2007
votes: 100

I suggest those who get hacked keep a close eye on their spam email folders for emails originating from their own websites. It's not so much the twitter accounts and ability to send twitter messages some people want to hack, they'd much prefer sending out spammy emails that appear to be from you. Getting into your twitter account is just an added bonus but they are checking to see if that infor gets them into juicier places too.

[edited by: JS_Harris at 8:36 pm (utc) on Jan. 5, 2009]

7:13 am on Jan 6, 2009 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
votes: 99

I'd suggest that people getting hacked and phished stop using email until they get educated on what's clickable and what's not clickable.

It's not that complicated, even my 76 yo mom knows better...