Monday, May 7, 2012

Don’t Let the ‘Bad Rumors’ DM Phishing Scam Hijack Your Twitter Account

Oh no! Is someone spreading nasty rumors about you on Twitter?!

If you receive a direct message (DM) on Twitter claiming that there’s somebody out there that’s dragging your name in the dirt, don’t bother clicking on the link attached.

If you do, you run the risk of having your Twitter account hijacked and turned into a spam-spewing tweet factory, and all of your Twitter followers will be sent a personal copy of the same DM saying that someone is spreading lies about them.

Then they’ll click the link and have their credentials stolen, spam will begin flowing from their accounts and their followers will receive the same message, resulting in a never-ending cycle of Twitter account hijacking. Good job.

If any of this phishing scheme sounds familiar, it’s because this scam and others like it have been going around for quite some time now.

Reason being: they're all highly effective. Sure, the verbiage in the Twitter DMs may change periodically, but the goal of stealing your Twitter username and password stays the same. People simply cannot resist finding out what's so funny or checking out the bad blogs being written about them.

Here’s How the Twitter ‘Rumors’ Phishing Scheme Works



  1. You log in to Twitter and check your DMs, only to find that one of your Twitter pals has sent you one of the following messages with a TinyURL link attached to it:

    • Hey someone is saying nasty rumors about you… [LINK]

    • Hello some person is making really bad rumors about you.. [LINK]

    • Hello this user is making some very bad rumors about you… [LINK]

    • Hello some person is posting horrible things about you… [LINK]

    • Hi somebody is making terrible rumors about you... [LINK]

    • I cant believe this but there are some real nasty things being said about you here [LINK]

    • Hey slut has been making up some nasty stories about you.. [LINK]

    • YO! someperson is making upsome some nasty lies about u [LINK]



  2. Not wanting to have your reputation tarnished (or possibly suffering from a bad case of curiosity), you click on the link and you're redirected to a website that looks a lot like the Twitter login page (Tip: it’s not – check the screenshot provided).

  3. Failing to realize the site is fake, you enter your Twitter login and password, which is sent off to the scammers.

  4. Your account will begin spamming diet scams to all of your followers, and all of them are sent the same misleading Twitter DM, which takes them to a Twitter login phishing page to steal their Twitter logins as well.
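The two things that give this scheme away, the lure wording paired with a shortened link and a login page that is not actually on twitter.com, can be checked mechanically. The following is an added example, not code from the original post; the shortener set, the list of genuine Twitter hosts, the sample URLs and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com"}                           # the post names TinyURL only
TWITTER_HOSTS = {"twitter.com", "mobile.twitter.com"}  # assumed genuine login hosts

URL_RE = re.compile(r"https?://[^\s\[\]<>\"']+", re.I)
# Wording shared by every DM quoted above: negative adjective + smear noun + "about you/u".
LURE_RES = [re.compile(p, re.I) for p in (
    r"\b(nasty|bad|horrible|terrible)\b",
    r"\b(rumou?rs?|lies|stories|things)\b",
    r"\babout\s+(you|u)\b",
)]

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; '' if it cannot be parsed."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def is_genuine_twitter_login(url):
    """HTTPS plus an exact host match; look-alike hosts and userinfo tricks fail."""
    return url.lower().startswith("https://") and host_of(url) in TWITTER_HOSTS

def classify_dm(text):
    """Return the reasons a DM matches the scheme (empty list: nothing matched)."""
    reasons = []
    hosts = [host_of(u) for u in URL_RE.findall(text)]
    if all(r.search(text) for r in LURE_RES):
        reasons.append("lure wording")
    if any(h in SHORTENERS for h in hosts):
        reasons.append("shortened link hides destination")
    elif any(h not in TWITTER_HOSTS for h in hosts):
        reasons.append("link leaves twitter.com")
    return reasons

def is_suspicious(text):
    """Flag only when the lure wording arrives together with a risky link."""
    reasons = classify_dm(text)
    return "lure wording" in reasons and len(reasons) > 1

if __name__ == "__main__":
    # Constructed sample: a lure from the post with a placeholder short link.
    dm = "Hi somebody is making terrible rumors about you... http://tinyurl.com/EXAMPLE"
    print(is_suspicious(dm), classify_dm(dm))
```

The host check is an exact match on the parsed hostname, so an address that merely contains "twitter.com" somewhere in it does not pass.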


What to Do if You Get a Phishing DM on Twitter


If you receive one of the phishing DMs shared above – and it’s likely that you will at some point – then it’s recommended that you do the following:

  1. Refrain from clicking on the link included in the DM.

  2. Report the DM to Twitter.

  3. Delete the DM.


Have you received any of the “bad rumor” DMs on Twitter?

Also Read: What to Do When Your Twitter Account Has Been Compromised
