How bad Twitter links & apps can trick you

For more about tricks spammers and hackers use, read “How spammers attack Twitter.”

1. You can do nothing wrong, and still get hacked or hijacked!

Here’s why, and what you can do about it:

  1. You could think you are logging into Twitter.com, but not notice it is a lookalike phishing site.
    How to prevent this: Don’t log in to Twitter.com unless you typed the address yourself, or you have read “twitter.com” in the URL bar of your browser.
  2. If your user information is stolen somewhere else, you could get hacked on Twitter.
    How to prevent this: Use a unique password on each site you log in to.
  3. Twitter can block a link from the bad guys, but by the next tweet you see, the bad guys may have replaced it with a working link.
    How to prevent this: Be careful what you click, and warn others if you learn of problems.
  4. An infected computer can steal your login info.
    How to prevent this: Keep your anti-virus up-to-date, and don’t log in on computers that you don’t manage yourself.
  5. Using Twitter over a wireless connection (or on a compromised network) can expose your user information.
    How to prevent this: Turn on “HTTPS Only…Always use HTTPS” at http://twitter.com/settings/account

2. How it starts

Imagine you see a link in a tweet that says “OMG! Read the latest blog post from Twitter about this Twitter app!” and click it. Let’s look at six common things that can happen next:

  1. It can take you to the latest blog post from Twitter.
  2. It can take you to something that isn’t the latest blog post from Twitter, but tries to pretend it is. In other words, a malware or spam page.
  3. It can take you to an advertising page selling something, which can be either spam or malware.
  4. It can take you to what looks like the authorization page for a Twitter app. This can be a real app that has NO bad intentions, a real app that DOES have bad intentions, or a fake app page (usually with a spot to type in your username and password).
  5. It can take you to some version of a login page, for example, something that looks like Twitter.com after you have logged out. This is the worst case. It’s trying to get you to believe you have somehow been logged out of Twitter.com due to an error, hoping you will click to log in so they can steal your login info and hack your account. If successful, not only can your Twitter account be hacked, they may also try your login info on other popular websites like Facebook, Yahoo, LinkedIn, etc. and see if they can hack into those accounts as well.
  6. It can take you nowhere, possibly because it used to lead to an app Twitter has suspended, or a link that has been blocked.

3. Warn others even after Twitter catches bad links

Option 6 means Twitter is protecting you. So you might figure that other people who click the Tweet don’t need to be warned, since Twitter has blocked the bad stuff. But the bad guys, as soon as they detect that a link or site has been blocked, keep tweeting the same or similar things with new links and websites that do the same bad things. And until Twitter catches it again, more people are spammed or infected with malware.

This is one reason spammers and accounts that send malware links try to create a lot of Twitter accounts, so that they can keep tweeting links to bad stuff. They will vary the text to avoid detection, and change the links to replace links that have been caught with new ones.
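
The pattern described above (same message, slightly varied text, rotating links, many accounts) can be spotted by comparing tweets with their links stripped out. This is an added example, not part of the original article; the accounts, texts, URLs and the 0.7 threshold are constructed for illustration.

```javascript
// Added example: group tweets that differ only in wording details and links.
// Accounts, texts and URLs below are constructed sample data.
const SAMPLE_TWEETS = [
  { user: "acct_a", text: "OMG! Read the latest blog post from Twitter about this Twitter app! http://short.example/a1" },
  { user: "acct_b", text: "omg!! read the latest blog post from twitter about this app http://short.example/b2" },
  { user: "acct_c", text: "OMG read the latest post from Twitter about this Twitter app >> http://other.example/zz" },
  { user: "acct_d", text: "Lunch was great today, thanks @friend" },
];

const URL_RE = /https?:\/\/\S+/g;

// Word set of a tweet with links, case and punctuation removed.
function wordSet(text) {
  const cleaned = text.toLowerCase().replace(URL_RE, " ").replace(/[^a-z0-9@#\s]/g, " ");
  return new Set(cleaned.split(/\s+/).filter(Boolean));
}

// Jaccard similarity: shared words divided by all distinct words.
function jaccard(a, b) {
  let shared = 0;
  for (const w of a) if (b.has(w)) shared++;
  const union = a.size + b.size - shared;
  return union === 0 ? 0 : shared / union;
}

// Cluster near-identical texts; report clusters spread over several accounts and links.
function findCampaigns(tweets, threshold = 0.7) {
  const clusters = [];
  for (const tw of tweets) {
    const words = wordSet(tw.text);
    let c = clusters.find((k) => jaccard(k.words, words) >= threshold);
    if (!c) {
      c = { words, users: new Set(), links: new Set() };
      clusters.push(c);
    }
    c.users.add(tw.user);
    for (const link of tw.text.match(URL_RE) || []) c.links.add(link);
  }
  return clusters.filter((k) => k.users.size > 1 && k.links.size > 1);
}

for (const c of findCampaigns(SAMPLE_TWEETS)) {
  console.log(`${c.users.size} accounts, ${c.links.size} links:`, [...c.links].join(" "));
}
```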

Also, realize that many advertising pages are not really designed to sell you something; they are designed to infect your computer or steal your personal information. So even if you’re positive something seems like “harmless” spam, it can be very dangerous.

So if you ever see multiple spam-like messages that you fear others may click on, or you click one yourself and find it blocked, it’s worth warning others. (Of course, with some messages it may seem very obvious that you should NOT click on them, and I understand that you might not want to warn people about them.)

4. Protect yourself and others

  1. Never log in to Twitter.com from a link. You should type “Twitter.com” into your browser by hand if you think you need to log in, or at the very least, read the URL at the top of your browser very carefully to ensure you really ARE at Twitter.com.
  2. If you think you have been hacked, go to http://bit.ly/BlockBadApps and read http://bit.ly/IfTwitterHacked (tweet this advice).
  3. If someone you trust even a little seems to be sending bad links, DM them and @ them to let them know they may have been hacked.
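
Reading the URL carefully, as item 1 asks, means comparing the host name itself, not looking for the word “twitter” somewhere in the address. The following is an added example, not part of the original article; the function name and the sample links are constructed for illustration.

```javascript
// Added example: decide whether a link really points at twitter.com.
// EXPECTED_HOST and every sample link are assumptions made for this example.
const EXPECTED_HOST = "twitter.com";

function checkLoginUrl(link) {
  let url;
  try {
    url = new URL(link); // standard URL parsing, as browsers apply it
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // In "https://twitter.com@host/" the text before "@" is a username.
    return { ok: false, reason: "text before @ is not the site" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  if (host.startsWith("xn--") || host.includes(".xn--")) {
    return { ok: false, reason: "internationalized lookalike name" };
  }
  if (host === EXPECTED_HOST || host.endsWith("." + EXPECTED_HOST)) {
    return { ok: true, reason: "host is " + host };
  }
  if (host.includes("twitter")) {
    return { ok: false, reason: "mentions twitter but is a different site" };
  }
  return { ok: false, reason: "different site" };
}

// Constructed sample links: one genuine, the rest lookalikes.
const SAMPLE_LINKS = [
  "https://twitter.com/login",
  "http://twitter.com/login",
  "https://twitter.com.login-check.example/session",
  "https://twitter.com@login-check.example/",
  "https://tvvitter.com/login",
  "https://tw\u0456tter.com/login", // Cyrillic letter in place of "i"
];

for (const link of SAMPLE_LINKS) {
  const r = checkLoginUrl(link);
  console.log((r.ok ? "OK   " : "STOP ") + link + "  (" + r.reason + ")");
}
```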

5. What Twitter does

Besides suspending bad apps (eventually) and blocking bad links (eventually), Twitter may reset passwords on accounts that have been hacked, especially if thousands are hacked at the same time. The @spam, @safety and @support accounts will tweet or retweet warnings or explanations of problems. And Status.Twitter.com will often share information if a hack becomes very, very widespread. Also, Twitter removes scams and spam hourly and daily.

6. Ways your Twitter account can get hijacked

  1. Your computer can be infected, and whoever is controlling the malware already on your computer can decide to use it to compromise your Twitter account (if the malware is designed to be able to do that). Just being infected doesn’t mean information can be stolen from your computer. Not all malware works in that way.
  2. You can give your Twitter account to some site that asks for your Twitter login (even if you did this long ago), either thinking it is okay, or because you were fooled into thinking you were logged out of Twitter.com.
  3. You are using a wireless connection, and have not set your Twitter account to HTTPS, and your login info is stolen through the air.
  4. You are using a wireless connection, and HAVE set your Twitter account to HTTPS, but someone has been “listening” in for a while and has cracked your information or figured out how to initiate a “man in the middle” attack that fools your computer into thinking it is connecting to Twitter.com directly when it isn’t. These scenarios are exceedingly unlikely, but still possible.
  5. You click something that pops up while browsing the web asking you to authorize something that turns out to be malware.
  6. You use the same password on more than one site, and someone stole your password from one site and is now using it to hack into your Twitter account.

Realize that you can be hacked or infected even if you have done nothing wrong. When a company gets hacked, hackers often try the usernames and passwords they have stolen from the company on other sites. So if you used a company years ago for your email address, stopped using it but never deleted your account, and it is later hacked, then you could be hacked on any other site where you use that password. Yes, they would have to figure out your username, but if you also use the same username or email address on multiple sites, hackers with stolen passwords have all they need.

7. How to make unique passwords easy:

Best is to add a letter to the end of each password so they’re different on each site. For example, if your password is 1W#m3H$ change it by adding a letter that corresponds to the site you’re on:

  1. 1W#m3H$T for Twitter
  2. 1W#m3H$F for Facebook
  3. 1W#m3H$L for LinkedIn
  4. Etc.

Also, although you CAN visit a site that infects your computer just by visiting, or that steals your login info, this is rare. It mostly only happens to people who are not using anti-virus programs or whose anti-virus programs are somehow not working properly. For example, adding an anti-virus program to an already infected computer will not necessarily get rid of all malware.

More commonly, you would have to authorize something that the website pops up before you’re in trouble. Also, stealing your Twitter login info directly just by visiting a site in this way is no longer possible (though it used to be).
