How bad Twitter links & apps can trick you

For more about tricks spammers and hackers use, read “How spammers attack Twitter.”

1. You can do nothing wrong, and still get hacked or hijacked!

Here’s why, and what you can do about it:

  1. You could think you are logging into Twitter.com, but not notice it is a lookalike phishing site.
    How to prevent this: Don’t log in to Twitter.com unless you typed it in, or you read “twitter.com” in the URL bar of your browser.
  2. If your user information is stolen somewhere else, you could get hacked on Twitter.
    How to prevent this: Use unique passwords on each site you log in to.
  3. Twitter can block a link from the bad guys, but by the next tweet you see, the bad guys may have replaced it with a working link.
    How to prevent this: Be careful what you click, and warn others if you learn of problems.
  4. An infected computer can steal your login info.
    How to prevent this: Keep your anti-virus up-to-date, and don’t log in on computers that you don’t manage yourself.
  5. Using Twitter over a wireless connection (or on a compromised network) can expose your user information.
    How to prevent this: Turn on “HTTPS Only…Always use HTTPS” at http://twitter.com/settings/account

2. How it starts

Imagine you see a link in a tweet that says “OMG! Read the latest blog post from Twitter about this Twitter app!” and click it. Let’s look at six common things that can happen next:

  1. It can take you to the latest blog post from Twitter.
  2. It can take you to something that isn’t the latest blog post from Twitter, but tries to pretend it is. In other words, a malware or spam page.
  3. It can take you to an advertising page selling something, which can be either spam or malware.
  4. It can take you to what looks like the authorization page for a Twitter app. This can be a real app that has NO bad intentions; a real app that DOES have bad intentions; or a fake app page (usually with a spot to type in your username and password).
  5. It can take you to some version of a login page, for example, something that looks like Twitter.com after you have logged out. This is the worst case. It’s trying to get you to believe you have somehow been logged out of Twitter.com due to an error, hoping you will click to log in so they can steal your login info and hack your account. If successful, not only can your Twitter account be hacked, they may try your login info on other popular websites like Facebook, Yahoo, LinkedIn, etc., and see if they can hack into those accounts as well.
  6. It can take you nowhere, possibly because it used to lead to an app Twitter has suspended, or a link that has been blocked.

3. Warn others even after Twitter catches bad links

Option 6 means Twitter is protecting you. So you might figure that other people who click the Tweet don’t need to be warned, since Twitter has blocked the bad stuff. But the bad guys, as soon as they detect that a link or site has been blocked, keep tweeting the same or similar things with new links and websites that do the same bad things. And until Twitter catches it again, more people are spammed or infected with malware.

This is one reason spammers and accounts that send malware links try to create a lot of Twitter accounts, so that they can keep tweeting links to bad stuff. They will vary the text to avoid detection, and change the links to replace links that have been caught with new ones.

Also, realize that many advertising pages are not really designed to sell you something; they are designed to infect your computer or steal your personal information. So even if you’re positive something seems like “harmless” spam, it can be very dangerous.

So if you ever see multiple spam-like messages that you fear others may click on, or click yourself and find it blocked, it’s worth warning others. (Of course, with some messages it may seem very obvious that you should NOT click on them, and I understand that you might not want to warn people about them.)

4. Protect yourself and others

  1. Never log in to Twitter.com from a link. You should type “Twitter.com” into your browser by hand if you think you need to log in, or at the very least, read the URL at the top of your browser very carefully to ensure you really ARE at Twitter.com.
  2. If you think you have been hacked, go to http://bit.ly/BlockBadApps and read http://bit.ly/IfTwitterHacked (tweet this advice).
  3. If someone you trust even a little seems to be sending bad links, DM them and @ them to let them know they may have been hacked.
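
Reading the URL carefully, as item 1 above asks, comes down to a few checks on the host name that can be written out as code. This is an added example, not part of the original article; the function name `checkLoginUrl`, the rule that subdomains of twitter.com count as trusted, and all sample URLs are assumptions constructed for illustration.

```javascript
// Added example, not from the original article. Sample URLs are constructed.
const TRUSTED = "twitter.com"; // the one host the article says to log in on

// Decide whether a link really lands on TRUSTED, returning the reason if not.
function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: lowercases host, punycodes IDNs
  } catch (err) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // In "https://twitter.com@other.example/" the text before @ is a username.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before @ hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  // Assumption: subdomains of the trusted domain are trusted as well.
  if (host === TRUSTED || host.endsWith("." + TRUSTED)) {
    return { ok: true, reason: "host is " + TRUSTED + " or a subdomain" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized lookalike host" };
  }
  if (host.includes("twitter")) {
    return { ok: false, reason: "trusted name inside a different domain" };
  }
  return { ok: false, reason: "different domain" };
}

// Constructed samples; .example hosts are reserved and resolve nowhere.
const samples = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session/new",
  "http://twitter.com/login",
  "https://twitter.com.login.example/session",
  "https://twitter.com@login.example/",
  "https://twitter-com.example/login",
  "https://tw\u0456tter.com/login", // Cyrillic i (U+0456), not Latin i
];
for (const s of samples) {
  const { ok, reason } = checkLoginUrl(s);
  console.log((ok ? "OK   " : "STOP ") + s + "  ->  " + reason);
}
```

The only two samples that pass are the ones whose host name ends in twitter.com itself; everything else merely contains the name somewhere in the address.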

5. What Twitter does

Besides suspending bad apps (eventually) and blocking bad links (eventually), Twitter may reset passwords on accounts that have been hacked, especially if thousands are hacked at the same time. The @spam @safety @support accounts will tweet or retweet warnings or explanations of problems. And Status.Twitter.com will often share information if a hack becomes very, very widespread. Also, Twitter removes scams and spam hourly and daily.

6. Ways your Twitter account can get hijacked

  1. Your computer can be infected, and whoever is controlling the malware already on your computer can decide to use it to compromise your Twitter account (if the malware is designed to be able to do that). Just being infected doesn’t mean information can be stolen from your computer. Not all malware works in that way.
  2. You can give your Twitter account to some site that asks for your Twitter login (even if you did this long ago), either thinking it is okay, or because you were fooled into thinking you were logged out of Twitter.com.
  3. You are using a wireless connection, and have not set your Twitter account to https, and your login info is stolen through the air.
  4. You are using a wireless connection, and HAVE set your Twitter account to https, but someone has been “listening” in for a while and has cracked your information or figured out how to initiate a “man in the middle” attack that fools your computer into thinking it is connecting to Twitter.com directly when it isn’t. These scenarios are exceedingly unlikely, but still possible.
  5. You click something that pops up while browsing the web asking you to authorize something that turns out to be malware.
  6. You use the same password on more than one site, and someone stole your password from one site and is now using it to hack into your Twitter account.

Realize that you can be hacked or infected even if you have done nothing wrong. When a company gets hacked, hackers often try the usernames and passwords they have stolen from the company on other sites. So if you used a company for your email address years ago, stopped using them but didn’t delete your account, and still use that password on other sites, then if that company is hacked, you could be hacked on those other sites. Yes, they would have to figure out your username, but if you also use the same username or email address on multiple sites, hackers with stolen passwords have all they need.

7. How to make unique passwords easy:

Best is to add a letter to the end of each password so they’re different on each site. For example, if your password is 1W#m3H$ change it by adding a letter that corresponds to the site you’re on:

  1. 1W#m3H$T for Twitter
  2. 1W#m3H$F for Facebook
  3. 1W#m3H$L for LinkedIn
  4. Etc.

Also, although a site CAN infect your computer or steal your login info just because you visited it, this is rare. It mostly only happens to people who are not using anti-virus programs or whose anti-virus programs are somehow not working properly. For example, adding an anti-virus program to an already infected computer will not necessarily get rid of all malware.

More commonly, you would have to authorize something that the website pops up before you’re in trouble. Also, stealing your Twitter login info directly just by visiting a site in this way is no longer possible (though it used to be).
