Twitter Phishing Attempts Not a Problem with Twellow
Article by George Norman
On 07 Jan 2009
Micro-blogging service Twitter has recently made the headlines of pretty much every online publication out there because some high profile accounts were hacked into, switching focus from a more widespread threat, phishing attacks. People with malicious intent will try to steal your Twitter login info and then use it to their convenience (things like locking you out of your account or spreading malware to your contacts).

“Twitter users are reporting that they have received direct messages from their online followers enticing them to visit a phishing website which attempts to steal their username and password. Users have been receiving messages such as: “hey! check out this funny blog about you…”and “Hey, i found a website with your pic on it…” which led - sometimes leapfrogging via a Blogspot page - to a website which posed to be the regular Twitter login page, but is actually stealing usernames and passwords from the unwary,” explains Graham Cluley from Sophos, company that specializes in providing security software solutions.


It is true that having your account hacked into (the high profile accounts this happened to include pop singer Britney Spears and president elect Barack Obama ) is a serious matter, more serious that a phishing attack. But the way I see it, all this hacking business is Twitter’s fault because it did not properly secure the tools that allow locked-out members to reset their email address. Phishing on the other hand is entirely your fault because you failed to spot the difference between the genuine Twitter page and a Twitter phising site.

So what can you do to stay protected? The first step is to closely check the URL in the address bar, especially if you arrive to the Twitter login page by clicking on a link. One other way would be to use Twellow when performing Twitter searches. For those of you that do not know what Twellow is, here is a basic explanation: it is very much similar to the traditional yellow-pages; it allows you to search for your area of interest and for people who twitter about things you enjoy.

Lead Developer of Twellow, Matthew Daines explains: “Twellow does not store your Twitter password at all in our database. We only use it to send a simple HTTPS request (that means it’s a secure connection) to the Twitter servers to see if you are actually the owner of your Twitter screen name. This is the approved method for verifying Twitter credentials according to the documentation on Twitter’s API site. Upon verification of your Twitter account, the password is discarded by our system.”

Tags: Twitter, Twellow, Sophos, Phishing
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Twitter Phishing Attempts Not a Problem with Twellow
HTML Linking Code