Protect Yourself from Phishing Attempts on Twitter and Facebook
I have seen so many instances lately of Facebook statuses or emails from people that are obviously not generated by them but instead by someone who phished their account. Phishing is certainly nothing new, but phishers are becoming more creative and there is starting to be a surge of people falling for these types of scams. So here is what you need to know to protect yourself on Twitter and Facebook.
Twitter Phishing – Twitter is an amazing tool…it brings us live feeds from around the world that we can search through to find information on news or anything else we are interested in. However, Twitter’s open environment and simplicity make it a breeding ground for scammers and thieves. Twitter in my opinion is the most insecure platform on the planet…and if numbers and news stories are any indicators, the scammers agree with me.
As I say that, it’s not that I believe Twitter has created a sub-standard product or doesn’t care about security; it’s just that the platform they use, with such openness, breeds insecurity. So for example, let’s say someone has created a hack or an exploit they want to place on your computer so they can then use your computer as a bot to go wreak havoc on the internet. Before Twitter they had to reach out to you, send you an email, or place a fake ad on a site and hope you would click on it to get you to download their malicious code, but now Twitter has given them an easy platform for you to reach out to them.
One of the ways to accomplish this easily is to use the trending topics against you. If everyone in the world is focused on one news story or event or person…it’s the perfect place for the scammer to inject himself. He can create a tweet about whatever topic is trending and, instead of linking to the story, just link to a page that installs spyware or a page that makes you think you somehow logged out of Twitter and lets you enter your credentials right into their database. This problem is compounded on Twitter because everyone uses shortened URLs to stay within the 140-character requirement, so links aren’t clearly visible.
So how do you protect yourself? Simple, you use common sense. If you don’t know someone, don’t click their link. If someone you do know sends a DM like “I thought you might be interested in this,” don’t click the link. If you truly want to find something that is on Twitter but the link comes from an unknown source…Google the info instead. The other piece of information that will save you time and time again is to NEVER use your username and password on any site other than Twitter.com or through their OAuth service, which I will talk more about in a bit.
Facebook Phishing – I am seeing so many people lately who all of a sudden start posting a status every hour for a new fan page they joined or a new event they are attending. The only problem is it’s not my friends, it is the people who phished their accounts. Right now the biggest way to phish your account on Facebook is to use your vanity against you! I think social media in general has made us very self-important; we want people to read the most mundane things about us and “like” them and leave witty comments! And that is what the spammers are using against us. Ever see those “groups” that tell you that you can see who has been viewing your profile? Of course you have, they are everywhere…but what a lot of people don’t realize is there is nothing legitimate about this. This scam is designed to use social engineering of human curiosity and vanity to simply steal your login and password. There is no technology available for you to see who is viewing your profile. None, period: no way to see who looks at your pics all day, no way to see if your crazy ex-girlfriend stalks you. This technology does not exist. Any page promoting a service like this is designed for one thing and one thing only: to steal your information. Once someone joins one of these “groups” and gives the spammers their login credentials, you will start to see a stream of this friend joining every spying app out there and inviting all their friends several times a day to join them. Don’t let your vanity or curiosity overcome your common sense; stay away from these apps.
Now while I think the spying apps are the number one threat on Facebook right now, there are so many others. Many target gamers. Facebook has a huge gaming community that is addicted to their favorite game, and scammers hope to capitalize on that. Any page, group or app that offers you free items, game cash or other freebies outside of the game is a scam! I have yet to see one page that promised something that it actually delivered. What it really does is get your attention by promising a second chicken coop or 30 billion mafia dollars and then require, before it gives it to you, that you become a fan and invite all your friends. You will never get your free gift, and you have set yourself and all of your friends up to possibly be phished.
Facebook scam pages all have some telltale signs, and this is what you are looking for. Like I mentioned above, anything talking about people seeing your profile or offering you a free game prize is 100% off limits. There are other creative approaches, but the signs are all the same. Fake pages will usually not have anything on their information tab. Also check the wall tab: if there are no posts there but the site has 1 million fans, there is a problem. Active groups should have activity; if they don’t, it’s a telltale sign something is not right. Many scam pages have also started using a little creativity in regards to this…usually a scam page will have 4-5 “sample” comments on the main page, and if you click on any of these people you are just redirected back to the page you are already on. Also be wary of any page that makes you become a fan or invite your friends before you get to see the info. If the content was worthy, it would not be necessary for them to ask you to do these steps before you have had a chance to check out what they are offering.
One thing to keep in mind is both Facebook and Twitter offer official ways to use your logins on third party sites. You should never put in your username and password unless you are doing it through these official services. Facebook has Facebook Connect, which is a secure way to use your login on a third party site without the third party vendor having direct access to it. Collection of your username and password through any other format is a violation of the Facebook TOU. Twitter has a similar service called OAuth, which also allows you to log in using Twitter but does not pass your information along to the third party. Both of these services are designed to protect the integrity of your login; if a site is not using this to collect your information, not long after you enter it you will find that you have a problem. Even if you see these, it’s still not 100%, because at least with Facebook’s option these things could be duplicated, at least in look and feel, and if they haven’t already, they will be soon no doubt. So make sure you know the company you are using these 3rd party logins with is reputable.
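The rule from both sections above (only type your password on Twitter.com or Facebook itself, and remember that a login box’s look and feel can be copied) comes down to reading the host in the address bar. The Python sketch below is an added example, not code from this post or from Twitter or Facebook; the trusted-host list, the function name and the sample URLs are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts where typing the password is expected. The post names
# Twitter.com; facebook.com is added here for the Facebook half of the advice.
TRUSTED_LOGIN_HOSTS = ("twitter.com", "facebook.com")


def login_host_verdict(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return (ok, reason) for a page that is asking for a password."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if has_userinfo:
        return False, "text before '@' is not the host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host, possible look-alike"
    for name in trusted:
        # Exact host or a true subdomain. A host that only ends in the same
        # letters, or that puts the trusted name first as in
        # "twitter.com.example.net", matches neither test.
        if host == name or host.endswith("." + name):
            return True, "host belongs to " + name
    return False, "untrusted host " + host


# Constructed sample URLs (example.net / example.org are reserved test domains).
SAMPLES = [
    "https://twitter.com/login",
    "https://www.facebook.com/login.php",
    "http://twitter.com/login",
    "https://twitter.com@login.example.net/session",
    "https://twitter.com.example.net/login",
    "https://tw\u0456tter.com/login",   # Cyrillic "i" in place of Latin "i"
    "https://short.example.org/aB3x",   # shortened link: destination unknown
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(login_host_verdict(u), ascii(u))
```

Accepting every subdomain of a trusted host is a simplification made for this example. A shortened link fails the check by design, since its real destination is only known after it has been followed.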
Another thing to note is that Facebook does not vet its applications at all. There is no process to check what they do, who created them or if they are filled with malicious code. Facebook believes that open walls create more creativity, and while that is very true in theory, it’s also a breeding ground for malicious behavior. So everyone should be aware…apps are a swim-at-your-own-risk kind of thing!
This blog post went on so much longer than I originally anticipated, but our social media profiles are precious to us: they have our friends, pics of our families and a journal of our life. So I think protecting these pages is important, and the more people that understand how to do that, the harder it will be for spammers to take advantage.