Phishing scams continue to plague Twitter users, now through the platform's Direct Message (DM) feature.
As most users know, a DM is a message sent directly to one person rather than broadcast to the whole timeline. At the time of writing, a user can only DM someone who follows them. Because of that, DMs are perceived as private messages between two parties who already trust each other, and that perception of trust is exactly what this scam exploits.
The attack is typically launched through DMs containing friendly, innocuous text such as "this song is awesome 🙂 goo.gl/RxsZc6" or "a new application is being released, register and get free data plan goo.gl/8kRbgo". The shortened link hides the real destination.
Clicking such a link redirects the user to a URL that closely mimics Twitter (for example https://twitery.tk/?user=187603111, https://twiter.party/__login/ or https://twiter.kim/), but these domains are entirely illegitimate. The source of these pages contains links to the real Twitter domain, which makes them look genuine, alongside links to other unknown domains under the attacker's control.
When a user enters their login credentials on the fake page, the credentials are captured immediately. The attacker then logs in as the victim, enumerates the victim's followers, and sends the same lure to each of them, so the scam spreads through the follower graph like a worm.
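Since the whole scam rests on a domain that looks like twitter.com but is not, the practical defence is to look at the hostname before entering anything. The following checker is an added example written for this page; it is not code from Comodo or Twitter. It uses the lookalike hostnames quoted above as sample input, treats any host containing or within a small edit distance of "twitter" that is not an actual Twitter host as a lookalike, and flags shortened links (goo.gl and a couple of other assumed shorteners) as "destination hidden" rather than trying to resolve them, since that cannot be done offline. The registrable-domain logic is deliberately naive (last two labels); a production tool would use the Public Suffix List.

```python
"""Classify links found in a DM by hostname: legitimate, lookalike, shortener or unknown.

Added example for this article, not part of the original post. LEGIT_HOSTS and
SHORTENERS are assumptions chosen for illustration; the test URLs are the ones
quoted in the article.
"""
from urllib.parse import urlsplit

# Hosts we accept as genuinely Twitter's (assumption: a minimal allow-list).
LEGIT_HOSTS = {"twitter.com", "t.co"}
# Link shorteners that hide the real destination (assumption: small sample list).
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com"}
BRAND = "twitter"
MAX_DISTANCE = 2  # "twiter" (1 edit) and "twitery" (2 edits) both look like "twitter"


def registrable_domain(host: str) -> str:
    """Return the last two labels of a host, e.g. 'twitery.tk' for 'login.twitery.tk'.
    Naive on purpose: a real tool would consult the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_legit_host(host: str) -> bool:
    """True only for an allow-listed host or one of its subdomains."""
    return any(host == h or host.endswith("." + h) for h in LEGIT_HOSTS)


def classify(url: str) -> str:
    """Return 'legitimate', 'lookalike', 'shortener', 'unknown' or 'invalid'."""
    if "://" not in url:
        url = "http://" + url          # DMs carry bare links such as goo.gl/RxsZc6
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "invalid"
    if is_legit_host(host):
        return "legitimate"
    domain = registrable_domain(host)
    if domain in SHORTENERS:
        return "shortener"             # destination hidden; must be expanded before trusting
    # Brand name anywhere in a non-allow-listed host (e.g. twitter.com.evil.tk) is a red flag.
    if BRAND in host:
        return "lookalike"
    # Otherwise compare the second-level label against the brand: twitery, twiter, ...
    label = domain.split(".")[0]
    if levenshtein(label, BRAND) <= MAX_DISTANCE:
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed input: the lures and lookalike domains quoted in the article.
    for link in ["goo.gl/RxsZc6",
                 "https://twitery.tk/?user=187603111",
                 "https://twiter.party/__login/",
                 "https://twiter.kim/",
                 "https://support.twitter.com/entries/76036",
                 "https://twitter.com.evil.tk/login"]:
        print(f"{classify(link):11s} {link}")
```

The allow-list check is exact on the registrable domain, which is the point: "twitter" appearing somewhere in a hostname is evidence of a lookalike, not of legitimacy, and a shortened link tells you nothing until it has been expanded.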
Google Chrome currently warns users of potential phishing threats when they visit such pages (screenshot not reproduced here).
By the end of March of this year, Twitter was averaging 236 million monthly active users. This is a gold mine for the “bad guys” who want to perpetuate
Here are some tips from Comodo to steer clear of this phishing scam:
- If a DM contains a link, don't click on it.
- Instead of clicking the link, type the web address of the site into the browser yourself, and check that the domain really is twitter.com before signing in.
- Watch for common phishing language in DMs, such as "Verify your account."
- Legitimate businesses will not send you a DM asking for your login credentials or other sensitive personal information.
- Warnings that your account has been compromised are a common way to lure victims. Again, contact the company directly to ask about a specific DM rather than using any link or contact information provided in the message.
- Be familiar with Twitter's security guidance and how you can protect your account: https://support.twitter.com/entries/76036-keeping-your-account-secure-safe-tweeting
Users must be aware of these basic security precautions and heed the warnings.