With an estimated 3.7 billion phishing emails sent in the past year it is no surprise that phishers have set their sights on Twitter. The latest phishing scam sweeping the ‘Net' is a spam campaign designed to look like legitimate Twitter notifications.
The emails take many forms: Some resemble messages from Twitter customer support claiming that the site has detected an attempt to steal the receiver's Twitter password. Others claim that the recipient has changed the e-mail address associated with their account and ask them to confirm. The links in these emails lead either to a downloadable "secure module" which the emails claim will protect the account but is actually malware or to a phishing site designed to steal the user's account information. Online pharmacy spammers have also taken to Twitter-formatted emails to advertise non-FDA approved pills.
Those these scams don't seem very threatening at first (I mean, how much damage can some do with 140 characters?) but the repercussions having your Twitter account hacked are HUGE! Many people use the same password they use for Twitter for many other online sites; from Facebook to online banking, people just aren't taking necessary precautions with their passwords. So, if you enter your account information into phishing site and you use the same password for Twitter as sites like Facebook or your email that may house more personal information, the scammer can potentially get into your other accounts.
These scams, discovered by Trend Micro, are easily avoidable if you are aware of them and know what a legitimate Twitter email does and does not contain.*
- Twitter does not send links to "secure modules".
- Twitter emails request confirmations include the new account information.
- Twitter emails do no describe or promote new services or products.
* Twitter email specifications via Trend Micro
Before you get hacked, consider taking these precautions:
- Always read emails completely and thoroughly before clinking though the links. It can take a while for news of the latest scam to reach your ears so keeping a vigilant eye on all your emails is a must!
- Use different, high quality, passwords for Twitter, Facebook, your email, and your online banking account. Secure passwords contain a random series of lower and upper case letters, numbers, and approved symbols. Such passwords should be more than 8 characters in length
- Consider and Identity Protection service. Investing in and identity protection service, such as Intelius IdentityProtect, can prevent a scammer that acquires your information from using it. This useful advantage could save you tons of time and money.
Bookmark/Search this post with: