A Tweeter's Guide to Twitter Scams

With Twitter's monumental growth, there has been an increase in the number of scammers looking to exploit individuals for profit, either through the technology itself or through "social engineering". Many of the same security disciplines required when using email or the web in general now apply to Twitter.
Sounds Phishy: Just like in email, a direct message or invitation to click a link has to be judged before following it. There have been many instances of scammers inviting tweeps to follow a link with a phrase such as "Who posted that pic of you on Twitter!!!!" Any Tweep following the link will be directed to a fake Twitter logon page or a similar data-gathering page. With enough data, any scammer can fill in the rest.
Give me your security question answers: This was an excellent example of social engineering. The recent Twitter porn-name scam was simply a hashtag trend that invited people to create a porn name by combining common security question answers, such as your pet's name. Once someone tweeted this info, the scammers had the username and a selection of common security question answers. A few trips to Yahoo Mail or Gmail would probably get you into someone's bank account.

Sure buddy, just send me your credit card number: Tweet about how much you want Product X. A certain scammer will befriend you as an employee of the company that makes Product X. After he builds up a little trust, he will offer you Product X at a special, insider price. Email him your credit card or bank info and it's game over.
Phone Home: "You have just won a free cell phone!" the tweet says. Click the link, fill in your cell number and basic details, and you have just been auto-enrolled in a $20/month horoscope text-message scam, or something similarly unwanted delivered straight to your phone.

Worming in: Another recent Twitter attack, more benign than malicious, saw an industrious but "bored" hacker use a JavaScript hack to take over Twitter accounts and spam Twitter. Known as "Stalkdaily" or "Mikeyy", it owned Twitter for a few days. In honesty, this was Twitter's problem rather than the users', and users who accessed Twitter through third-party clients such as TweetDeck were immune. In the hands of a more ill-intentioned individual, this exploit might have delivered a few sad stories.
If we missed any, simply tell us in the comments or link to the info. Safe tweeting.

Thanks for this post. Every time I read about such things it leaves me with one burning question. What kind of a world would it be if the engineers of all of the above found constructive and productive outlets for their talents?
"A few trips to Yahoo mail or Gmail would probably get you into someone's bank account."
Luckily in Finland it is really difficult to hack into individuals' bank accounts via the web. We have a quite complex and clever system with passwords etc.
Stolen cc numbers are of course an issue here also.
Very true..
I'm sure we have millions of spammers (twitter)
I keep changing my twitter password every two months
What about these chumps that offer 10,000 followers overnight? For a measly 39.99 they will have you making money on twitter while you sleep.
Yeah, right!
@Jonathan I think Heaven or so
Follow me to get this and other info about scams and cons! We can stop it. At least to some degree.
I think http://www.TweetScam.com has it all worked out.