Tag Archive: malware

How Twitter Can Fix Direct Message Spam

Phishing spam on Twitter


Dear Twitter,

You have done an incredible job of responding to a massive influx of new users, especially over the last 8 months. With growth reaching 1400% month over month, the need to react and support quickly has been critical, and for the most part I would say you have done so better than just about anybody else who has seen such rapid growth on their platform. With the recent rollout of Twitter lists you have also added value to the community by providing a tool that people can use to pull some signal out of all of the noise. Many are finding the lists to be the place to discover and follow new people. Thank you for all of your work.

A new phenomenon has bubbled up from the user community, and it’s something that I would like you to take quick and decisive action on. Phishing scams have torn through Twitter on an almost daily basis for the last several weeks, with unsuspecting users clicking links and turning over their credentials. The results have been painful to deal with. I’m receiving dozens, and sometimes hundreds, of direct messages from real people (not bots) every single day with messages like, “hey. do this iq quiz for me http://quiz6545.info” and “i found y0u http://videos.twitter.shjjiwe.com/?vpgdzxiaq”. This is phishing that is propagating too rapidly, and it’s starting to ruin the communication platform for me. Here is what needs to happen to fix this…

New Twitter Phishing Scam

Another day, another phishing or malware scam on Twitter. It seems like these are happening entirely too often, and the reason is that people continue to ignore common sense. Very, very rarely will a site hijack an account of some type without getting input from the account holder. The scam du jour is a Twitter hijack attempt that asks for a username and password and, once it has them, will not only DM your followers with a message but will also post it publicly on your account. The message will appear as one of the following, or a close variant:

  • hah, i think i seen u on here http://videos.dskjkiuw.com/
  • this you? http://videos.dskjkiuw.com/
  • lol this vid is funny. http://videos.dskjkiuw.com/
  • haha check out this vid http://videos.dskjkiuw.com/

DO NOT FOLLOW THESE LINKS AND GIVE YOUR LOGIN INFORMATION!!! This page will take your Twitter login credentials and hijack your account. As of right now it appears to only try to propagate itself by getting others to log in, but it could use your account for other reasons. If you did receive this and you did “log in”, you must CHANGE YOUR PASSWORD IMMEDIATELY!!!