A Tweeter’s Guide to Twitter Scams

With Twitter’s monumental growth, there has been an increase in the number of scammers looking to exploit individuals for profit, either through the technology itself or through “social engineering”. Many of the same security disciplines required when using email or the web in general now apply to Twitter.
Sounds Phishy: Just as with email, a direct message or invitation to click a link has to be judged before you follow it. There have been many instances of scammers inviting tweeps to follow a link with a phrase such as “Who posted that pic of you on Twitter!!!!” Any tweep following the link will be directed to a fake Twitter logon page or a similar data-gathering page. With enough data, any scammer can fill in the rest.
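An added example (not part of the original article) of the judgment the paragraph above asks for: before typing a password, confirm that the page in the address bar really is on Twitter's domain. The trusted domain value, the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a genuine Twitter login form is only served from this domain
# or one of its subdomains.
TRUSTED_DOMAIN = "twitter.com"

def check_login_link(url: str) -> list[str]:
    """Return the reasons a URL should not be trusted as a Twitter login page.

    An empty list means the URL passed every check.
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["unparseable URL"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    # https://twitter.com@other.example/ shows "twitter.com" first, but the
    # part before '@' is only a user name; the real host comes after it.
    if parts.username is not None or parts.password is not None:
        reasons.append("userinfo before '@' hides the real host")
    # Lookalike letters arrive as non-ASCII or as punycode ("xn--") labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("non-ASCII or punycode host (possible lookalike)")
    # twitter.com.login.example is a subdomain of login.example, so match the
    # end of the host name, never a substring or a prefix.
    if not (host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)):
        reasons.append(f"host '{host}' is not on {TRUSTED_DOMAIN}")
    return reasons

if __name__ == "__main__":
    # Constructed sample links; the .example hosts are reserved placeholders.
    samples = [
        "https://twitter.com/login",
        "http://twitter.com.login.example/session",
        "https://twitter.com@login.example/session",
        "https://xn--twitter-constructed.example/login",
    ]
    for link in samples:
        problems = check_login_link(link)
        print(link, "->", "OK" if not problems else "; ".join(problems))
```

Run the check on the final URL shown in the address bar: a shortened link reveals nothing until its redirects have been followed.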
Give me your security question answers: This was an excellent example of social engineering. The recent Twitter porn names scam was simply a hashtag trend that invited people to create a Twitter porn name by adding various common security question answers, such as your pet’s name. Once someone tweeted this info, the scammers had the username and a selection of common security question answers. A few trips to Yahoo mail or Gmail would probably get you into someone’s bank account.

Sure buddy, just send me your credit card number: Tweet about how much you want Product X. A certain scammer will befriend you, posing as an employee of the company that makes Product X. After he builds up a little trust, he will offer you Product X at a special, insider price. Email him your credit card or bank info, and it’s game over.
Phone Home: “You have just won a free cell phone!” the tweet says. After clicking on the link and filling out your cell number and basic details, you will find you have just been auto-enrolled in a $20/month text-message scam that sends horoscopes or similarly unwanted messages direct to your phone.

Worming in: Another recent Twitter attack, more benign than malicious, came from an industrious but “bored” hacker who used a JavaScript hack to take over Twitter accounts and spam Twitter. Titled “Stalkdaily” or “Mikeyy”, it owned Twitter for a few days. This, in honesty, was Twitter’s problem and not the users’, but users who accessed Twitter through third-party software clients like Tweetdeck were immune. In the hands of a more ill-intentioned individual, this exploit might have delivered a few sad stories.
If we missed any, simply tell us in the comments or link to the info. Safe tweeting.




Jonathan - Advanced Life Skills
May 21st, 2009 at 11:56 am
Thanks for this post. Every time I read about such things it leaves me with one burning question. What kind of a world would it be if the engineers of all of the above found constructive and productive outlets for their talents?
Jukka H
May 21st, 2009 at 1:40 pm
“A few trips to Yahoo mail or Gmail would probably get you into someone’s bank account.”
Luckily, in Finland it is really difficult to hack into an individual’s bank account via the web. We have quite a complex and clever system with passwords, etc.
Stolen cc-numbers are of course an issue here also.
Doson
May 22nd, 2009 at 10:34 am
Very true..
I’m sure we have millions of spammers (Twitter)
I keep changing my twitter password every two months
Blogistan Panoptikum KW21 2009 on datenschmutz.net
May 25th, 2009 at 1:53 pm
[...] like the lessons of our swimming fauna: If something smells phishy, it probably is! This article enlightens social media n00bs about the popular strategies of scammers: With [...]
Dick
May 25th, 2009 at 7:07 pm
What about these chumps that offer 10,000 followers overnight? For a measly 39.99 they will have you making money on twitter while you sleep.
Yeah, right!
Mustafa
June 3rd, 2009 at 5:38 pm
@Jonathan I think Heaven or so
StopScam
July 6th, 2009 at 8:34 am
Follow me to get this and other info about scams and cons! We can stop it. At least to some degree.