Phishing in Adult Waters: New Twitter Phishing Scam
There is a new phishing scam on Twitter that is hooking a lot of people. I am getting upward of 20 DMs a day with this scam.
Have you gotten this DM?
“Someone said this real bad thing about you in this blog….tiny.url/82734823”
or
“Is this you in this pic? ….tiny.url/93793”
or
“Is this you in this video?… tiny.url/979793”
There have been a number of DMs being sent that are phishing people’s accounts. In case you are wondering what phishing is, that is when a website steals your login information. They usually get the information by directing you to a website that looks like the website of the account where you received the DM or email. It asks you to log in, and when you type in your information you have just given the hackers your login. It is called phishing because, as in fishing, they are casting out a line (the DM) and hoping to get a bite (a click on the link). The problem with phishing is that people will frequently click the link if it comes from someone they trust or if the body of the message is compelling enough. Many times the person’s better judgment is overridden by curiosity about the cryptic nature of the message.
This most recent scam intrigues you by implying that something disparaging is being posted about you on a blog. People will click the link in order to safeguard their reputation. Of course, what you are really doing is going to a site that is trying to steal your login information. Then they will send that same DM from you to every one of your followers.
The danger of this from a reputation point of view is that many people will just unfollow you if they think you are sending them phishing emails, either because they don’t like that you are spamming them or because they don’t want to risk having their account phished. So having a hacker get a hold of your account has the potential to cause some serious damage to your online reputation. Imagine if they started tweeting from your account. What would they say?
So if you get a phishing email, do not click the link. Do not even click the “view in twitter” link in the email notification. Go to twitter.com, log in and delete the message. If you did click a link, immediately change your password. I would also post a message saying your account got phished and you may have sent out messages to people. Tell them not to click the link either.