Twitter Phishing Attempts Not a Problem with Twellow

Article by George Norman (Cybersecurity Editor)

on 07 Jan 2009

Micro-blogging service Twitter has recently made the headlines of pretty much every online publication because some high-profile accounts were hacked into, shifting focus away from a more widespread threat: phishing attacks. People with malicious intent will try to steal your Twitter login info and then use it as they see fit (for example, locking you out of your account or spreading malware to your contacts).

“Twitter users are reporting that they have received direct messages from their online followers enticing them to visit a phishing website which attempts to steal their username and password. Users have been receiving messages such as: ‘hey! check out this funny blog about you…’ and ‘Hey, i found a website with your pic on it…’ which led - sometimes leapfrogging via a Blogspot page - to a website which posed to be the regular Twitter login page, but is actually stealing usernames and passwords from the unwary,” explains Graham Cluley from Sophos, a company that specializes in providing security software solutions.

It is true that having your account hacked into (the high-profile accounts this happened to include pop singer Britney Spears and President-elect Barack Obama) is a serious matter, more serious than a phishing attack. But the way I see it, all this hacking business is Twitter’s fault because it did not properly secure the tools that allow locked-out members to reset their email address. Phishing, on the other hand, is entirely your fault because you failed to spot the difference between the genuine Twitter page and a Twitter phishing site.

So what can you do to stay protected? The first step is to closely check the URL in the address bar, especially if you arrive at the Twitter login page by clicking on a link. Another way would be to use Twellow when performing Twitter searches. For those of you who do not know what Twellow is, here is a basic explanation: it is much like the traditional yellow pages; it allows you to search for your area of interest and for people who twitter about things you enjoy.
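The URL check described above can also be written down as code. This is an added example, not part of the original article: the allow-list of hosts and the sample links are constructed for illustration, and `checkLoginUrl` is a hypothetical helper name.

```javascript
// Added example: decide whether a link really points at the Twitter login
// host before a password is typed. Allow-list and samples are constructed.
const TRUSTED_HOSTS = new Set(["twitter.com", "www.twitter.com"]); // assumption

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // same parsing rules the browser address bar uses
  } catch {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // In "https://twitter.com@host/" everything before "@" is userinfo,
  // so the page is actually served by "host".
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before the host" };
  }
  // URL() lowercases the host and converts non-ASCII labels to punycode
  // (xn--...), so look-alike letters fail the exact match below.
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  if (!TRUSTED_HOSTS.has(host)) {
    // Exact match only: "twitter.com.something" is a different site.
    return { ok: false, reason: `host is ${host}` };
  }
  return { ok: true, reason: "host matches allow-list" };
}

// Constructed sample links of the kind a direct message might carry.
const SAMPLES = [
  "https://twitter.com/login",
  "http://twitter.com/login",
  "https://twitter.com.login.example/session",
  "https://twitter.com@login.example/session",
  "https://funny-blog.example/about-you",
  "https://tw\u0456tter.com/login", // Cyrillic "і" in place of Latin "i"
];

for (const link of SAMPLES) {
  const verdict = checkLoginUrl(link);
  console.log(`${verdict.ok ? "OK  " : "STOP"} ${link} (${verdict.reason})`);
}
```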

Twellow's lead developer, Matthew Daines, explains: “Twellow does not store your Twitter password at all in our database. We only use it to send a simple HTTPS request (that means it’s a secure connection) to the Twitter servers to see if you are actually the owner of your Twitter screen name. This is the approved method for verifying Twitter credentials according to the documentation on Twitter’s API site. Upon verification of your Twitter account, the password is discarded by our system.”

