Twitter phished!
January 6, 2009
Twitter has been receiving some not-so-great coverage lately due to phishing scams targeting users. A ZDNet article reported that scammers are getting through compromised accounts rather than creating new accounts, which are more prone to getting caught by anti-phishing techniques.
Apparently the decline in spam effectiveness has pushed the scammers to try reaching the masses through other means and Twitter is probably just one of the few popular platforms to target.
The unfortunate side of this is that the typical user seems oblivious to the dangers and may end up getting caught in these scams. What is worrying is that the phishing techniques used are pretty much obvious to me – only a few made me think twice.
Things that I look for are:
- Strange URLs – a random subdomain on a not-so-believable domain name, e.g. ps2.kellywantsyou.com
- Your username popping up as a subdomain or URL path in a domain name, e.g. drewkam.googler.com or www.bananarep.com/x/drewkam/f02hf3892332
- Weird sentences in messages: Hi, I found your website through google and thought your site is great!
- Poor grammar in the messages: Hi, I fuond your website throgh google and thought your site is grate!
You get the picture?
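The URL checks from the list above, written out as an added Python example (not code from the original post). The `twitter.com` allowlist, the function names and the flag labels are assumptions, and the sample message is constructed from the post's example URLs.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains you actually expect links to in a tweet or DM.
TRUSTED_DOMAINS = {"twitter.com"}
URL_RE = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def url_red_flags(url, username, trusted=TRUSTED_DOMAINS):
    """Return the red flags from the checklist above that a URL raises."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    labels = (parts.hostname or "").lower().rstrip(".").split(".")
    # Naive registrable domain: last two labels (wrong for e.g. co.uk).
    domain = ".".join(labels[-2:])
    if domain in trusted:
        return []
    user = username.lower()
    flags = ["untrusted-domain"]
    for label in labels[:-2]:
        if label == user:
            flags.append("username-in-subdomain")
        elif label != "www":
            flags.append("unexpected-subdomain")
    if user in (seg.lower() for seg in parts.path.split("/")):
        flags.append("username-in-path")
    return flags


def scan_message(text, username):
    """Map each link found in a message to the flags it raises."""
    report = {}
    for match in URL_RE.findall(text):
        url = match.rstrip(".,!?)")
        flags = url_red_flags(url, username)
        if flags:
            report[url] = flags
    return report


if __name__ == "__main__":
    # Constructed sample message using the example URLs from the list above.
    msg = ("Hi, I found your website through google! See ps2.kellywantsyou.com, "
           "drewkam.googler.com and www.bananarep.com/x/drewkam/f02hf3892332 "
           "or my profile at http://twitter.com/drewkam")
    for url, flags in scan_message(msg, "drewkam").items():
        print(url, "->", ", ".join(flags))
```

A link to your own profile on the trusted domain raises nothing, while the same username under an unfamiliar domain is flagged.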
In any case, the trend is dangerous – Facebook already had a showdown with privacy groups crying foul at their privacy policies. It’s only a matter of time before the rest of the social network arena (Hi5, Friendster, Orkut to name a few) is compromised on a massive scale to the delight of these evil-net-scum. Actually, thinking about it – what’s the difference between Facebook and phishers? They both want to sell our data one way or another – just that one does it with our “apparent” consent and the other steals it.
Anyway, while you ponder that, perhaps there are a few things you can do to check the legitimacy of Twitter people and your own account.
Happy tweeting!