Heeeere phishy phishy phishy! (to quote the great Ernie from Sesame Street)
Like anything that gets popular, there are unruly folk out there trying to fark up our fun. Lately it’s been attacks against the fine people in Twittertown.
Phishing is nothing new. It happened years ago with emails from PayPal, eBay, your bank, etc. that mention you must go “RIGHT NOW” to this website to do something for your account or it would be terminated/explode/massive bum rash if you didn’t. (btw, phishing isn’t “hacking”. No one is sweating for hours, banging out code trying to get into your account.)
Phishing is “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” (via Wikipedia.)
This is what happens on a Twitter phishing expedition:
- You get a Direct Message from someone you follow:
- Being the narcissistic ego-maniacs “self-interested” people that we are, we obviously want to see what great video we may be in (or not-so-great) so we click on the link
- Up pops a login screen asking for your Twitter name and password
- People, thinking it’s something to do with Twitter, log in
- SET THE HOOK!!! You’ve now been phished.
- The people who now have your login info use it to send other people DMs with the same trick
- A little while later they start sending out spam notices like this:
Now it looks like you are raving about the $19 you made using Google, etc, and you are none the wiser until you start getting DM replies back from “friends” with gems like “WTF??” and “SPAMMER!!! BURN HER!!”
So this is where I ask you to go easy on your fellow Twits. I know people should be vigilant in checking URLs and not giving away their private information, but the kicker about phishing through DMs on Twitter is that it leverages the trust people have in the accounts they follow. The wording is so basic and innocent, I’ve even clicked on them (See kids, this is called being transparent in a blog). Now I haven’t given my info to any of them, but that’s because I spend more time online than a 15-year-old who just hit puberty, so I’ve dealt with this stuff all the time.
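For the “checking URLs” part, here is an added example (not from the original post) of what that check looks like when done properly: the login page only counts as Twitter’s if it is HTTPS and the host is exactly a trusted name, not merely a URL with “twitter.com” somewhere in it. The trusted host list and the `.example` links are assumptions made up for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only hosts allowed to ask for the password.
TRUSTED_LOGIN_HOSTS = {"twitter.com", "www.twitter.com"}


def check_login_url(url):
    """Return (ok, reason); ok is True only for HTTPS on an exact trusted host."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # .hostname drops any "user@" prefix and the port, and lowercases the rest.
    host = (parts.hostname or "").rstrip(".")
    try:
        # Punycode form, so look-alike Unicode letters cannot equal ASCII ones.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False, "invalid host name"
    if host not in TRUSTED_LOGIN_HOSTS:
        return False, "host is %r, not a trusted login host" % host
    return True, "trusted login host"


# Constructed sample links; the .example names are placeholders, not real sites.
SAMPLES = [
    "https://twitter.com/login",                 # the real thing
    "http://twitter.com/login",                  # right host, no TLS
    "https://twitter.com.videos.example/login",  # trusted name used as a subdomain
    "https://twitter.com@videos.example/login",  # trusted name in the userinfo part
    "https://videos.example/twitter.com/login",  # trusted name in the path
    "https://tw\u0456tter.com/login",            # Cyrillic look-alike letter in the host
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print("OK  " if ok else "STOP", ascii(sample), "->", reason)
```

Only the first sample passes; every other one contains the text “twitter.com” and would fool a check that just looks for that string.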
What to do if you have been phished
- Change your password. No one got access to your account because you used your pet’s name as your password (you do, don’t you??). It doesn’t matter how crafty you’ve made it, if you hand them your login info, it’s like they’re psychic like John Edward, except they actually know stuff.
- Check who has access to your account by going here. It shows who you have authorized to use your account. Now don’t crap the bed if there are companies listed there. I have 18 apps that have access to my account for various reasons. But if you don’t recognize one and want to yank them out, just click “revoke access”.
- Stop giving your info out! You should never give your info to any site that asks for it unless you actually want them to have it. It’s your reputation/business here. Giving out your login to anyone is like wearing your bank card PIN on your t-shirt and wandering the back streets of Vegas at 3am. Not saying I’ve done that…. ummm…
So if someone sends you a DM that is out of character, be nice and reply that they should change their password. It could happen to you, and you’d already feel bad enough and could probably use a helpful reply 🙂