Twitter Starts Fighting Malicious Links Via New Service
Because Twitter users were hit by a phishing attack late last month, the team behind the popular micro-blogging service has decided to take measures and fight back. Phishing attacks are nothing to joke about. The bad guys usually pose as someone the user knows and send that user a Direct Message. Inside the message there’s a link that leads to a fake Twitter page. If the user falls for it and enters his login credentials (username and password), then the bad guys can take those credentials, access his Twitter account, and use it for various malicious reasons.
“We designed the Direct Message system so that you could only get DMs from accounts that you choose to follow—this cuts way down on spam and attacks. Our Trust and Safety team identifies and deletes spam accounts every day. Still, we recommend against indiscriminately following hundreds or thousands of accounts without having a look first,” commented Twitter Co-Founder, Biz Stone, last month when the phishing attacks occurred.
Even though Twitter advises caution, there are people that will click the link, genuinely believing it is from a friend. And that is when the sh*t hits the fan. As Director of Twitter’s Trust and Safety team, Del Harvey, explained, the team focuses on fighting spam and abuse, but it can detect a malicious link only after said malicious link has already been posted to Twitter. So to better fight spam, scams and abuse, Twitter launched a new service that detects malicious links before being posted to Twitter.
“We’re launching a new service to protect users that strikes a major blow against phishing and other deceitful attacks. By routing all links submitted to Twitter through this new service, we can detect, intercept, and prevent the spread of bad links across all of Twitter. Even if a bad link is already sent out in an email notification and somebody clicks on it, we'll be able keep that user safe. Since these attacks occur primarily on Direct Messages and email notifications about Direct Messages, this is where we have focused our initial efforts. For the most part, you will not notice this feature because it works behind the scenes,” explained Del Harvey.
You may notice links in Direct Messages and email notifications shortened to twt.tl though.
“We designed the Direct Message system so that you could only get DMs from accounts that you choose to follow—this cuts way down on spam and attacks. Our Trust and Safety team identifies and deletes spam accounts every day. Still, we recommend against indiscriminately following hundreds or thousands of accounts without having a look first,” commented Twitter Co-Founder, Biz Stone, last month when the phishing attacks occurred.
Even though Twitter advises caution, there are people that will click the link, genuinely believing it is from a friend. And that is when the sh*t hits the fan. As Director of Twitter’s Trust and Safety team, Del Harvey, explained, the team focuses on fighting spam and abuse, but it can detect a malicious link only after said malicious link has already been posted to Twitter. So to better fight spam, scams and abuse, Twitter launched a new service that detects malicious links before being posted to Twitter.
“We’re launching a new service to protect users that strikes a major blow against phishing and other deceitful attacks. By routing all links submitted to Twitter through this new service, we can detect, intercept, and prevent the spread of bad links across all of Twitter. Even if a bad link is already sent out in an email notification and somebody clicks on it, we'll be able keep that user safe. Since these attacks occur primarily on Direct Messages and email notifications about Direct Messages, this is where we have focused our initial efforts. For the most part, you will not notice this feature because it works behind the scenes,” explained Del Harvey.
You may notice links in Direct Messages and email notifications shortened to twt.tl though.
