Saturday, July 16, 2011

Anatomy of Twitter DM Scam @cmt1

Source: http://www.drsfostersmith.com/images/Articles/a-anatomy-101-2.jpg
Update: Since writing this blog post this morning, I've received 3 similar messages to the one shared by Carol below....

  • this is you in the photo album right?
  • tell me if this blog is about you?

ORIGINAL BLOG ENTRY:

Earlier today, I received the following Direct Message from Carol Tonhauser (@cmt1). Since I hadn't had a conversation with Carol, I thought it might be an approach to get at my Twitter login/password. But how to get more info?

A quick Google search revealed these approaches:
  1. Untiny.com via http://www.technize.com/reveal-destination-of-tiny-urls/
  2. URL2It - http://url2it.com/Tools/URL-Decoder.aspx

So, for fun, I copied the address in the original DM in my email:


And, then used Untiny.com to reveal where it pointed....

Notice that the address it extracted is another TinyURL...so, for fun, I pasted that in:
And, that took me to...


So, rather than use my regular browser, I opened another browser window in Incognito mode and here's what popped up...the problem, of course, is with the URL that appears in the window. It's not Twitter, is it?

I guess at this screen I'm supposed to enter my Twitter login and password, and it will get my login information. Once it has that, it will spam someone else.
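The expand-then-check steps above can be scripted so the link never has to be opened in a browser. This is an added example, not part of the original post: the hostnames in the sample redirect chain are constructed, and treating twitter.com as the only trusted login host is an assumption.

```python
import http.client
from urllib.parse import urljoin, urlsplit

TRUSTED_LOGIN_HOSTS = {"twitter.com"}  # assumption: the only host allowed to ask for the password

def fetch_location(url):
    """Live lookup: HEAD the URL and return its redirect target (None if it is final)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=10)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        target = resp.getheader("Location") if 300 <= resp.status < 400 else None
        return urljoin(url, target) if target else None
    finally:
        conn.close()

def expand(url, lookup=fetch_location, max_hops=10):
    """Follow redirects one hop at a time and return every URL seen, in order."""
    chain = [url]
    for _ in range(max_hops):
        nxt = lookup(chain[-1])
        if nxt is None:
            return chain
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("more than %d redirects" % max_hops)

def is_trusted_host(url, trusted=TRUSTED_LOGIN_HOSTS):
    """True only if the URL's real hostname is a trusted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)

# Constructed redirect map standing in for the two chained shorteners in the post.
SAMPLE_REDIRECTS = {
    "http://short.example/abc": "http://tiny.example/xyz",
    "http://tiny.example/xyz": "http://twitter.com.login.example/session",
}

if __name__ == "__main__":
    chain = expand("http://short.example/abc", lookup=SAMPLE_REDIRECTS.get)
    for hop in chain:
        print(hop)
    print("trusted login host:", is_trusted_host(chain[-1]))
```

The host check compares the parsed hostname rather than searching the URL text, so a lookalike such as `twitter.com.login.example` or a `twitter.com@` prefix does not pass.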

What to do if you are compromised?
And...this advice is on target:
To protect your Twitter account from being hacked in the future, use a strong password that is difficult to guess...When logging into your Twitter account, ensure you are on Twitter's site before entering any sign-in information. Watch for any suspicious links in your Twitter feed or email, and ensure your computer's security software is up-to-date.
Source: Danielle Gream

Finally, hope you have a "happy" ending....




Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients.
