Tuesday, October 6, 2009

Phish tales: My Twitter, 1000s of Hotmail accounts hijacked

I'm fairly new at this Twitter thing, and I'm still prone to rookie mistakes. And for a few days, I was paying for one.

I occasionally get worthless tweets from folks about quick-and-dirty ways to build my traffic. Most of them are pure crap, by the way, but while some are harmless crap, others are more nefarious. I came across one -- GET 1000's OF FOLLOWERS, with a link. OK. I could smell the crap all the way from here, but I thought I'd take a look at it to, well, see what was going on. Research purposes, you understand.

I clicked on the link and immediately got the warning that the site was possibly one for phishing. For those who don't know what that is, phishing is when someone is trying to harvest information from you. Valuable information that you wouldn't give out otherwise. Like a password.

As soon as I saw that warning, I clicked on it to basically abort the mission. Supposedly, that was the end of that.

Not so. Soon after that, I noticed I had been making some real strange tweets, or more correctly, some jerkface was sending them out under my name. Every day. There would be some message credited to me, advertising some "service" that gives you thousands of followers. Or something. In social media, followers and friends are the coin of the realm. The more followers you have, the bigger your network and the more valuable your site. I use Twitterfeed to link my writing directly into Twitter, and all of my followers (right now about 40 of them) gain access to my work.

Soon I noticed these posts linking to the phishing site started going out every day, with the link and my name on them. Some idiot hijacked my Twitter account, and I became a spammer.

I tried a few quick damage-control measures. Blocking the original source of the link. Adding a disclaimer to warn followers away from that link. Part of that was saving face -- letting my followers know it wasn't me sending those things. And the spam messages still showed up, every day.

Final analysis: There seems to be a simple fix, a real no-brainer. Change your Twitter password. I did that, and the messages stopped. D'oh!

Meanwhile, those who use Hotmail for email (I'm not sure why you'd want to) are getting phished big time. According to gHacks Technology News:

Microsoft has recently confirmed that thousands of Windows Live Hotmail customers’ credentials were exposed on a third party website. According to Neowin the account information was posted by an anonymous user at the pastebin website. The list that was posted contained over 10.000 account details of accounts starting with the letters A and B which suggests that additional lists might be in the hands of the attackers. Initial investigations suggest that only accounts used to access Windows Live Hotmail were affected (which includes email accounts ending with hotmail.com, msn.com or live.com ... Microsoft determined that the attack was not a breach of internal Microsoft data and believes that the account data was gained by a phishing attack. Phishing attacks are common ways these days to lure users into entering their account data on websites that look like the real deal but are not ...

Again, the gHacks-prescribed fix is a simple one: Change your password. Now.

There are a few before-the-fact and after-the-fact ways to protect yourself here:

Changing your password is the best back-end fix, though it is a pain in the butt. Even more painful now, when you access your accounts through a third-party application or site. For me, this meant changing the passwords on TweetDeck and Twitterfeed. As I write this, I'm pretty sure I haven't checked if my feed on this blog has been fixed yet; probably not. Note to self: Fix.

I haven't really checked it out yet, but there's a program called LastPass that's supposed to make it easy. It was mentioned in the gHacks piece, so I downloaded it and will give it a go. Might have something to write about there; stay tuned.

Also, the other standard self-protection rules apply. Don't click on Twitter links unless you know the source. Pretty much the same rule as opening email attachments. I know I'm screwing myself here, as I get a fair bit of blog traffic through Twitter. But y'all pay attention to what the link is. If the link is attached to a blog post (in my case it's prefaced with a COLUMN or WORKBENCH) it'll be OK. Those attachments will only mess with your mind, not your computer or Twitter account. If the preface is something like GAIN ZILLIONS OF FOLLOWERS, MAKE MILLIONS WHILE SITTING ON YOUR BUTT, or LOSE 20 POUNDS OF DANGEROUS UGLY FAT WITHOUT CUTTING OFF YOUR HEAD, the link is probably real sketchy and you'd do well to ignore it. But you don't need me to tell you that.

This last is going to require some extra vigilance, as so much Twitter traffic involves passing links back and forth. Especially mine. Looking at the last 40 tweets from my network (representing about two hours), 31 have clickable links. Most will refer me to a blog post or a news story. This is probably disproportionately high, as many Twitter users merely use the account to keep track of some friends. Mine actually doubles as a news feed, so I'm going to have a higher percentage of links.

Sometimes it's tempting to cut all cords and wireless, eschew all technology, and go back to quill pen and foolscap. But that's not an option, not if I wish to function in today's hooked-up dialed-in world.

###

You tell me: What protective measures are you employing here? What works? What doesn't? Do you have any horror stories you wish to share? Use the comments section below.

