Twitter Phishing Ruined My Weekend

While running errands this weekend, I started receiving several incoming text message alerts on my cell phone. They were all direct messages from Twitter. And they were all spam. The DMs went something like this: “check out this funny blog I found about you.” A URL was also included in the message that redirected you to a fake Twitter login page. And less than 48 hours later the phishing messages are becoming more blatant, with lures of friends winning iPhones.

It reminded me of the spam messages you’d get in your email inbox with enticing links taking you to a YouTube video that your friend found of you–only they weren’t actual links to YouTube. Just another phishing ploy. Many feared that Twitter could be used for such spamming initiatives, but the fact that it’s difficult to spam people if they don’t follow you has made it a smaller concern than we’ve seen on other social networking sites.

Fake Twitter Login

But since Twitter has opened up its platform to allow third-party developers to build applications that automate much of your Twitter activity, it’s becoming easier to sneak spam and misleading links into the Twitter service. While this isn’t the first time someone has managed to get spam onto Twitter, the widespread adoption of Twitter along with more automated services that make phishing links appear to come directly from friends has made the latest wave of spam a major concern. Which is why Twitter has taken a proactive stance this time around.

Aside from a post on the company blog, Twitter has also posted a warning directly on your Twitter profile page, front and center. It’s a good tactic, given the nature of the phishing bot and the level of trust that Twitter users have for something like a private, direct message. For those users who stick to mobile and third-party applications, however, how could Twitter most effectively alert them to the latest phishing scam?

Phishing, spam and scammers are not going away. Twitter needs to protect its most valuable corporate asset - the trust of its users. That’s going to take more than a warning and a post. It takes changes to Twitter’s DNA and to the API every developer out there with a Twitter app uses. And now that phishing has come big time to Twitter, there’s blood in the water and the online sharks are going to be moving closer at Internet speed. Time to stop this problem before it does real damage.

Kristen Nicole is the co-author of the “Twitter Survival Guide.” With Bob Walsh, this ebook covers the history and social importance of Twitter as a web and mobile tool, and is the perfect resource for getting your Twitter account set up and ready for personal or professional use.


5 Comments »

  1. Jamie Says:

    Twitter was a big mess this weekend. Surprisingly I didn’t get any spam DMs on the account where I have the most followers but on a smaller one I use for a separate blog.

    I completely agree that it would be so much more efficient to have something on the mobile apps. If it weren’t for those who retweeted constantly about the phishing, it would have been much worse for those of us who do use apps for Twitter.

    I

  2. Kevin Makice Says:

    While phishing in general is something that requires more universal education to combat, I don’t believe Twitter’s API was the culprit. It contributed, certainly, by forcing developers to demand some blind trust from Twitter members signing up for their services. However, that alone was not responsible. The phishers gained access to Twitter accounts through their own means of deception, and that is what allowed so many accounts to be compromised.

    Although I have yet to see a comprehensive summary of who was affected, those who take precautions out of habit (changing passwords regularly, critiquing third-party tools before handing over the keys to the account, being patient before signing up for a new service, etc.) seemingly were not the ones with accounts sending out the direct messages.

    Spam adapts to new channels in different ways. With Twitter it is primarily “account spam” that relies on email notifications of new followers to get a bunch of eyes on a profile link. A lot of marketing (from spam to legit practices) is done through Twitter. We already have the most powerful weapon to combat unwanted content in the unfollow, an action that stops further direct messaging spam as well as the kind that appears in the timelines.

    Twitter is making adjustments, as evidenced by evolving strategies to combat spammers, improve reliability, and upgrade the API. It is a young company leading the way as we explore a new way of communicating. Unintended use brings challenges as well as serendipity.

  3. MultiSocialMedia.com » Blog Archive » Twitter Updates for 2009-01-07 Says:

    [...] twitter phishing ruin ur weekend? http://multisocialmedia.com/?p=113 [...]

  4. Kristen Says:

    Great point Kevin. Phishing isn’t going anywhere, and as networks become more open it will increase the number of channels by which phishing and spam can be exposed.

  5. Kristen Says:

    Jamie,

    You lucked out!
