
A Twitter Warning – “When I Saw This About You”

27 September 2011

Passive Guy regularly receives direct Twitter messages like:

“When I saw this about you i could not stop laughing haha”

The Tweet is followed by a link. If you click the link, you’re taken to a location which asks you for your Twitter ID/Password. Here is a safe look at what such a page might look like.

All the variations of these are scams to hijack your Twitter account. PG mentions it because he received several Tweets that look like this from authors this morning – nobody PG knows, but their profiles look like they are legitimate authors whose Twitter accounts have been stolen.

It even happened to an Australian bank:

The Bank of Melbourne had a bit of a problem last week. Someone compromised their Twitter feed and sent phishing messages to their followers, many of whom are customers. The malicious links however, sent via direct message to avoid notice, were nothing spectacular and easy to spot with a trained eye.

The problem was discovered last Wednesday. Customers and individuals who follow the Bank of Melbourne on Twitter were sent malicious links via direct message. The messages were the same, aside from variations within the URL, generated with Twitter’s http://t.co address shortener.

Link to the rest at The Tech Herald

The practical consequence for an author trying to improve his/her social media profile is that a whole bunch of your Twitter followers may dump you if your account is being used in a scam.


7 Comments to “A Twitter Warning – “When I Saw This About You””

  1. Good warning, PG, but one thing – your tweet was structured exactly like the spam you’re warning against. I took a chance and clicked on the link, but I was a little worried that it would take me to the site asking me to enter my password.

  2. I got one of these and clicked on the link, but did not give my Twitter ID. So glad I didn’t. It seemed “phishy” to me, but I have little experience with this kind of thing, so I couldn’t see what exactly they were trying to do.

  3. I received one of these as well, but didn’t enter any info. I did click the link, though.

    They appeal to your vanity, then BAM.

    Evil genius.

  4. As a general rule (general meaning email, twitter, FB, or any other kind of electronic transmission) if someone sends you a link, regardless of whether you follow it, don’t log into anything from it. It may or may not be safe to follow, but there’s almost nothing you need to do where you actually need their link to log in.

    There are ONLY two exceptions: 1) If you registered a new account and you’re involved in the registration process. 2) if you’re performing a password reset and you requested a new password. If you KNOW you JUST DID one of these things, you’re probably good to go, though it still behooves you to pay careful attention to the link. If you’re not certain you JUST DID one of these things, you’re better off just assuming it’s a scam.

    If you get an email “from your bank” (twitter, wordpress, transcendental meditation club) and you want to log in to check something, just enter the address you already use yourself. You’ll save yourself a world of trouble this way.

    Rich (Providing an official opinion as a professional computer security guy)

    • Thanks for the official professional computer security opinion, Rich.

      I also use a feature of HootSuite (my preferred Twitter client) to check the real URLs behind the shortened versions used by Twitter before I click.

      As a couple of other people have mentioned, there are often style and/or appearance clues that aren’t quite right.

  5. You can read another explanation in this Spanish blog:
    http://seguridad.servivation.es/2011/09/denegacion-de-servicios-utilizando-el.html

    Regards.
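An added example, not part of the original post or any of the comments, of the check Rich’s comment and PG’s reply describe: it walks a shortened link’s redirect chain one HEAD request at a time (never loading the landing page) and then asks whether the page you would be logging in to is really a known Twitter host. The TRUSTED_LOGIN_HOSTS list and the placeholder links in SAMPLE_REDIRECTS are assumptions made for this example, and sample_lookup is an offline stand-in for the live http_location lookup.

```python
import urllib.error
import urllib.parse
import urllib.request

# Hosts where a genuine Twitter login page may live (assumption for this example).
TRUSTED_LOGIN_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com"}

def http_location(url):
    """One HEAD request with redirects NOT followed; returns the Location header or None."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # refuse to follow, so each hop is inspected before the next
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=10) as resp:
            return resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # a refused 3xx surfaces here as HTTPError
        return err.headers.get("Location")
    except urllib.error.URLError:
        return None

def expand(url, lookup=http_location, max_hops=10):
    """Walk the redirect chain hop by hop: chain[0] is the short link, chain[-1] the landing URL."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = lookup(chain[-1])
        if nxt is None:
            break
        nxt = urllib.parse.urljoin(chain[-1], nxt)  # Location may be relative
        if nxt in chain:  # redirect loop
            break
        chain.append(nxt)
    return chain

def login_page_risk(chain):
    """'trusted' if the landing host is a known Twitter host, 'lookalike' if the host merely
    contains 'twitter' (e.g. twitter.com.something.example), otherwise 'untrusted'."""
    host = (urllib.parse.urlsplit(chain[-1]).hostname or "").lower()
    if host in TRUSTED_LOGIN_HOSTS:
        return "trusted"
    return "lookalike" if "twitter" in host else "untrusted"

SAMPLE_REDIRECTS = {  # constructed placeholder links, not real shortener data
    "http://t.co/EXAMPLE1": "http://redirector.example/r?id=1",
    "http://redirector.example/r?id=1": "http://twitter.com.login-verify.example/session",
    "http://t.co/EXAMPLE2": "https://twitter.com/login"}
sample_lookup = SAMPLE_REDIRECTS.get  # offline stand-in for http_location
```

Against a live link, `expand("http://t.co/...")` uses http_location and only ever sends HEAD requests, so nothing on the landing page runs while you read where the chain ends.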
