How bad Twitter links & apps can trick you

For more about tricks spammers and hackers use, read “How spammers attack Twitter.”

1. You can do nothing wrong, and still get hacked or hijacked!

Here’s why, and what you can do about it:

  1. You could think you are logging into Twitter.com, but not notice it is a lookalike phishing site.
    How to prevent this: Don’t log in to Twitter.com unless you typed the address yourself, or you can read “twitter.com” in the URL bar of your browser.
  2. If your user information is stolen somewhere else, you could get hacked on Twitter.
    How to prevent this: Use a unique password on each site you log in to.
  3. Twitter can block a link from the bad guys, but by the next tweet you see, the bad guys may have replaced it with a working link.
    How to prevent this: Be careful what you click, and warn others if you learn of problems.
  4. An infected computer can steal your login info.
    How to prevent this: Keep your anti-virus up-to-date, and don’t log in on computers that you don’t manage yourself.
  5. Using Twitter over a wireless connection (or on a compromised network) can expose your user information.
    How to prevent this: Turn on “HTTPS Only…Always use HTTPS” at http://twitter.com/settings/account

2. How it starts

Imagine you see a link in a tweet that says “OMG! Read the latest blog post from Twitter about this Twitter app!” and click it. Let’s look at six common things that can happen next:

  1. It can take you to the latest blog post from Twitter.
  2. It can take you to something that isn’t the latest blog post from Twitter, but tries to pretend it is. In other words, a malware or spam page.
  3. It can take you to an advertising page selling something, which can be either spam or malware.
  4. It can take you to what looks like the authorization page for a Twitter app. This can be a real app that has NO bad intentions, a real app that DOES have bad intentions, or a fake app page (usually with a spot to type in your username and password).
  5. It can take you to some version of a login page, for example, something that looks like Twitter.com after you have logged out. This is the worst case. It’s trying to get you to believe you have somehow been logged out of Twitter.com due to an error, hoping you will click to log in so they can steal your login info and hack your account. If successful, not only can your Twitter account be hacked, they may try your login info on other popular websites like Facebook, Yahoo, LinkedIn, etc. and see if they can hack into those accounts as well.
  6. It can take you nowhere, possibly because it used to lead to an app Twitter has suspended, or a link that has been blocked.

3. Warn others even after Twitter catches bad links

Option 6 means Twitter is protecting you. So you might figure that other people who click the Tweet don’t need to be warned, since Twitter has blocked the bad stuff. But the bad guys, as soon as they detect that a link or site has been blocked, keep tweeting the same or similar things with new links and websites that do the same bad things. And until Twitter catches it again, more people are spammed or infected with malware.

This is one reason spammers and accounts that send malware links try to create a lot of Twitter accounts, so that they can keep tweeting links to bad stuff. They will vary the text to avoid detection, and change the links to replace links that have been caught with new ones.
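The pattern described above (several accounts, slightly varied wording, a different link each time) can be spotted by comparing tweets with their links stripped out. This is an added example, not part of the original article; the tweets, account names, URLs, function names and the 0.7 similarity threshold are all constructed assumptions.

```javascript
// Constructed sample data: three near-identical tweets with rotating links, one unrelated tweet.
const SAMPLE_TWEETS = [
  { user: "acct_a", text: "OMG! Read the latest blog post from Twitter about this Twitter app! http://short.example/a1" },
  { user: "acct_b", text: "OMG!! read the latest blog post from Twitter about this app http://short.example/b7" },
  { user: "acct_c", text: "omg read the latest Twitter blog post about this Twitter app!!! http://other.example/zz" },
  { user: "acct_d", text: "Lunch was great today, photos at http://photos.example/lunch" },
];

const URL_RE = /https?:\/\/\S+/gi;

// Split a tweet into its links and the set of lowercase words left
// once links, @mentions and punctuation are removed.
function fingerprint(text) {
  const links = text.match(URL_RE) || [];
  const words = text
    .replace(URL_RE, " ")
    .replace(/@\w+/g, " ")
    .toLowerCase()
    .split(/[^a-z0-9]+/)
    .filter(Boolean);
  return { links, words: new Set(words) };
}

// Jaccard similarity of two word sets: shared words / all distinct words.
function jaccard(a, b) {
  let shared = 0;
  for (const w of a) if (b.has(w)) shared++;
  const union = a.size + b.size - shared;
  return union === 0 ? 0 : shared / union;
}

// Greedy clustering: a tweet joins the first cluster whose seed text is similar enough.
function findLinkRotation(tweets, threshold = 0.7) {
  const clusters = [];
  for (const t of tweets) {
    const fp = fingerprint(t.text);
    let cluster = clusters.find((c) => jaccard(c.words, fp.words) >= threshold);
    if (!cluster) {
      cluster = { words: fp.words, users: new Set(), links: new Set(), count: 0 };
      clusters.push(cluster);
    }
    cluster.users.add(t.user);
    fp.links.forEach((l) => cluster.links.add(l));
    cluster.count++;
  }
  // Worth warning about: same message, more than one account, more than one link.
  return clusters.filter((c) => c.users.size > 1 && c.links.size > 1);
}

for (const c of findLinkRotation(SAMPLE_TWEETS)) {
  console.log(`${c.count} similar tweets, ${c.users.size} accounts, ${c.links.size} links`);
}
```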

Also, realize that many advertising pages are not really designed to sell you something; they are designed to infect your computer or steal your personal information. So even if you’re positive something seems like “harmless” spam, it can be very dangerous.

So if you ever see multiple spam-like messages that you fear others may click on, or click yourself and find it blocked, it’s worth warning others. (Of course, with some messages it may be very obvious that you should NOT click on them, and I understand that you might not want to warn people about those.)

4. Protect yourself and others

  1. Never log in to Twitter.com from a link. You should type “Twitter.com” into your browser by hand if you think you need to log in, or at the very least, read the URL at the top of your browser very carefully to ensure you really ARE at Twitter.com.
  2. If you think you have been hacked, visit http://bit.ly/BlockBadApps and read http://bit.ly/IfTwitterHacked.
  3. If someone you trust even a little seems to be sending bad links, DM them and @ them to let them know they may have been hacked.
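What “read the URL very carefully” in item 1 means in practice, written out as code. This is an added example, not part of the original article; the function name `checkLoginUrl`, the decision to accept subdomains of twitter.com, and the sample URLs are assumptions made for illustration.

```javascript
const TRUSTED_HOST = "twitter.com";

// Decide whether a URL really points at twitter.com before a password is typed into it.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // In "https://twitter.com@evil.example/" the trusted name is only a username;
  // the real host is whatever follows the @.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing dot
  // Lookalike non-ASCII letters are serialized as punycode labels (xn--...).
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized lookalike host" };
  }
  // The host must BE the trusted name or END with "." + the trusted name.
  // "twitter.com.evil.example" merely starts with it and belongs to evil.example.
  if (host === TRUSTED_HOST || host.endsWith("." + TRUSTED_HOST)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + TRUSTED_HOST };
}

// Constructed sample URLs: one genuine, the rest common lookalike shapes.
const SAMPLE_URLS = [
  "https://twitter.com/login",
  "http://twitter.com/login",
  "https://twitter.com.evil.example/login",
  "https://twitter.com@evil.example/login",
  "https://twltter.com/login",
];
for (const u of SAMPLE_URLS) {
  const r = checkLoginUrl(u);
  console.log((r.ok ? "OK    " : "REJECT") + " " + u + " (" + r.reason + ")");
}
```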

5. What Twitter does

Besides suspending bad apps (eventually) and blocking bad links (eventually), Twitter may reset passwords on accounts that have been hacked, especially if thousands are hacked at the same time. The @spam, @safety and @support accounts will tweet or retweet warnings or explanations of problems. And Status.Twitter.com will often share information if a hack becomes very, very widespread. Also, Twitter removes scams and spam hourly and daily.

6. Ways your Twitter account can get hijacked

  1. Your computer can be infected, and whoever is controlling the malware already on your computer can decide to use it to compromise your Twitter account (if the malware is designed to be able to do that). Just being infected doesn’t mean information can be stolen from your computer. Not all malware works in that way.
  2. You can give your Twitter account to some site that asks for your Twitter login (even if you did this long ago), either thinking it is okay, or because you were fooled into thinking you were logged out of Twitter.com.
  3. You are using a wireless connection, and have not set your Twitter account to HTTPS, and your login info is stolen through the air.
  4. You are using a wireless connection, and HAVE set your Twitter account to HTTPS, but someone has been “listening” in for a while and has cracked your information or figured out how to initiate a “man in the middle” attack that fools your computer into thinking it is connecting to Twitter.com directly when it isn’t. These scenarios are exceedingly unlikely, but still possible.
  5. You click something that pops up while browsing the web asking you to authorize something that turns out to be malware.
  6. You use the same password on more than one site, and someone stole your password from one site and is now using it to hack into your Twitter account.

Realize that you can be hacked or infected even if you have done nothing wrong. When a company gets hacked, hackers often try the usernames and passwords they have stolen from that company on other sites. So if you used a company for your email address years ago, stopped using it but didn’t delete your account, and still use that password on other sites, then if that company is hacked you could be hacked on those other sites. Yes, the hackers would have to figure out your username, but if you also use the same username or email address on multiple sites, hackers with stolen passwords have all they need.

7. How to make unique passwords easy:

The best way is to add a letter to the end of each password so they’re different on each site. For example, if your password is 1W#m3H$, change it by adding a letter that corresponds to the site you’re on:

  1. 1W#m3H$T for Twitter
  2. 1W#m3H$F for Facebook
  3. 1W#m3H$L for LinkedIn
  4. Etc.

Also, although a site CAN infect your computer, or steal your login info, just because you visited it, this is rare. It mostly only happens to people who are not using anti-virus programs or whose anti-virus programs are somehow not working properly. For example, adding an anti-virus program to an already infected computer will not necessarily get rid of all malware.

More commonly, you would have to authorize something that the website pops up before you’re in trouble. Also, stealing your Twitter login info directly just by visiting a site in this way is no longer possible (though it used to be).
