 |
Beware of the Twitter Direct Message Spam!
24 May 2012 | by There are lots of scams on the Internet and I’m usually pretty good at catching them right away. This one, however, was a little trickier and I wanted to take a minute to spread the word about it so that you don’t fall prey.
I received an e-mail notifying me that I had received a Twitter direct message (though Twitter’s user-to-user messaging system).
A crazy Tweet about ME?! It sounded scandalous! I immediately clicked through the link in the notification to see what the ruckus could be. But wait…
OK, now I was starting to get a little suspicious. I don’t normally stay logged into my Twitter account, but I’ve never had to sign in to view a Tweet. A little bit of a closer look revealed this:
Sure enough, the URL was “tvviiter.com” — a common “phishing” scam where the bad guys try to trick you into entering your username and password into an otherwise authentic-looking login screen.
Disaster averted!
So what happened here? Most likely the victim who sent me the direct message in this case, clicked on a similar link at some point and had their username and password stolen. The scammers then logged into their account, Tweeted out a spam message to the person’s followers offering whatever male enhancement product of the day, and then tried to trick more folks into giving their info by sending out direct messages through the victim’s account.
Unfortunately, unlike most “phishing” scams that are obvious forgeries, these appear to the recipient as legitimate Twitter direct messages. The key tip-off, however, is the fact that the login URL is not “twitter.com” but a spoofed misspelling of the domain name.
The moral of this story… make sure you know “where you are” when you enter your username and password! A hacked Twitter account is a lot less of a big deal than a hacked bank account.
4 Responses to “Beware of the Twitter Direct Message Spam!”
 Ham Radio Deluxe |
 Ham Radio Prep |
 KB3IFH QSL Cards  Hip Ham Shirts  HamRadioAuctions Reliance Antennas Enigma Shop |  morseDX  Ni4L Antennas  R&L Electronics antennas.us Ears to Our World |
- Matt W1MST, Managing Editor
Yeah that is similar to one on facebook that is of the “omg did you see what so and so said about you” variety. I hate that stuff and if one is on a mobile phone like me..its not easy to do the link hover tactic to look for spoofed urls. But timed out sessions will be something to be aware of in case something passes by the spam filter in my head.
All Twitter users should carefully consider who they allow access to their account.
I’m talking about permitting external applications to have access to your username and password. Still don’t know what I mean? Go to your Twitter account on the Web and view your SETTINGS and then APPS. Here will be a list of all the applications that you have permitted to access your account in some way or another.
I’m always suspicious of the many free add-on services where they will tell you your “Cool Twitter Score”, show you who just unfollowed you, or some other bit of nonsense in exchange for you giving them permission to access your account.
Keep this list to an absolute minimum and change your password frequently.
73, Jeff
Matt
Thanks for the posting. I had received several tweets saying the people were saying bad things about me.
I changed my twitter password. I found the twitter add on services page and I was amazed how many apps had connections to my twitter account. I shut a bunch of them down.
73
Randy
K7AGE
There’s a better way to avoid these problems, don’t use Twitter or Facebook.
I don’t trust any of these social networking sites as far as I can throw them. I get along just fine without the need for any of them.
73’s Joe KB3PHL