If you use Twitter much at all, you’ve probably heard about the recent phishing attacks spreading through direct messages. Even super-savvy blogger/novelist Cory Doctorow and a British cabinet minister were tricked by this little scam.
If you got one of the annoying “This you???????” direct messages yourself, hopefully you didn’t click on it. If you did and ended up at URL that wasn’t in the twitter.com domain, hopefully you didn’t enter your twitter account name and password. But if you did enter your login details, all of you followers got a direct message that phished for their Twitter credentials.
Embarrassing—especially if your boss or someone cool like ‘Weird’ Al is following you. So now you have to change your password again and apologize to your friends for spamming them. It’s not terrible compared to getting your banking account phished. However, it’s probably part of a larger, darker plot.
So don’t make life easy for scammers.
Here’s a trick that will keep you from ever being phished on Twitter: Don’t click on any of the links.
There you go. Simple.
But you can’t do that? The links are fun? I understand. Where else can you find cool stuff like this?
OK. Keep your security software updated, and extend those shortened links so you know where you’re going (Longurl.org‘s Firefox extension is great). If you’re doing that, clicking on the links in your public feed or time-line should be fine.
But don’t click on the links in your direct messages. As you know by now, the bad guys can take over your friends accounts and exploit your trust. And you know that most of the direct messages you get on Twitter are auto-generated and pretty useless. So as a general rule, don’t click on any link in your direct messages. And if you MUST click on a link in your direct messages, check it out with F-Secure’s free Browsing Protection. In fact, if check any link you’re suspicious of with Browsing Protection. You’ll be glad you did.
The links on Twitter and any social networking site may lead to trouble . So enjoy those Tweets but watch those links.
What the hell happened? On May 12, 2017 multiple organizations were hit by crypto-ransomware called WannaCry. Infected…
May 13, 2017
There’s an interesting set of competing objectives unfolding at present as it relates to the…
April 11, 2017