
23 April 2009

Phishing for Twitter Security

22 04 2009

The social networking site Twitter was hit by hackers recently, affecting the accounts of several high-profile celebrities, including Britney Spears, Bill O'Reilly and even then president-elect Barack Obama. The scam is worrisome for Twitter users, since many people use the same passwords across various online accounts that contain personal and financial information, such as Amazon.com, PayPal and Web e-mail accounts.

"Phishing is the oldest trick in the book," says Mary Landesman, ScanSafe's Web security expert. "Someone sends a link that leads to a Web page asking for the user's login credentials. It's a completely avoidable breach of security.

"Never, ever enter your login credentials from a Web site accessed via a link received in e-mail, IM or Twitter," she adds. "While it must be embarrassing for the celebrities who were impacted, it should concern all citizens when the future president of the United States is among the victims."

Phishing is not the only security vulnerability on social networking sites like Twitter, Facebook and MySpace. ScanSafe recommends the following five tips to protect yourself on social networking sites.

Stop the virtual popularity contest. There is a trend among members of social networking sites to "friend" as many people as possible, even if they do not actually know them. The same goes for "following" and responding to unknown "tweets" on Twitter. Such "friending" provides opportunities for would-be attackers to spread worms and other viruses.

Do not go click happy. Regardless of whether you know the sender, never click on links received unexpectedly.

Be careful what you click for. If you do click a link that then asks you to install something, do not install it. If you have reason to believe a legitimate update is required, visit that vendor's Web site directly and update from there.

Be cautious with your login information. Never log in to a site accessed via a link received in an e-mail, instant message or a social networking site. If you believe the login request is legitimate, visit the site as you normally would and log in via the normal interface.

Always sign out and log off. Users should log off of sites they are not actively using. It does require a bit more discipline, since they will need to remember to sign out and will have to sign back in each time they wish to use the site. By taking this extra step, however, users will not only be enhancing their own security, but the security of their legitimate friends, as well.

Source: Top Tech News


