Twitter Phishing Scams and Arseholes with Hooks

Written by: | October 15, 2009

You might be trying to figure out what the hell the word “phishing” means (and how to pronounce it) right now, so let’s clear that up.

I pronounce the word as “fiishing” because for me, the significance and definition are somewhat similar. Here are some more definitions and some reading material describing the term phishing.

What’s phishing?

Phishing happens when some arsehole sends out automated emails or instant messages intended to steal your username, passwords, credentials or other important personal information. These arseholes (yes, I am going to continue using that term throughout this post, so get used to it) are smart, sly and incredibly convincing if you are not aware of the scam, and it can have disastrous consequences, not only for you but for your email contacts or connections on social networks as well.

The basic ploy is relatively simple. The arsehole in question creates an email that replicates a bank, business or brand (let’s take a bank for the sake of this example) that the majority of us will recognise, followed by an official-sounding letter asking you to log in to your account, or similar, and check some strange activity or authorise a transaction.

They work on the premise that if they send out 100,000 of these emails, a percentage of the recipients will be customers of the targeted bank. Some of those will recognise it as a scam; another percentage, unfortunately, will not, and they will click the links and sign in, becoming victims of the arsehole’s scheme, because the page they are signing into is not actually part of the bank at all but has been set up on another website to look exactly like the bank’s login page. Sneaky, sly and yes, criminal.

Phishing rinse and repeat

Phishing scams have a relatively short lifetime, as word spreads about their existence and the pages or websites get closed down, but by then the damage is usually done. Eventually the scam fades from memory and we forget about it, only to have it resurface 6 months or a year later, and the whole problem begins again.

It only takes a moment’s lapse in concentration to fall foul of these scams, and that’s where the danger lies.

Phishing scams have developed even further now, as the scammers think up new methods of fooling us into making these errors of judgement at every opportunity, and of course they have targeted the social networks as well.

Video phishing scam on Twitter

Twitter has been attacked on occasion, and the most recent attack was just this week (it’s still ongoing, it seems). The one large advantage a network like Twitter has is that users can inform each other very quickly about a phishing scam, but of course this does not mean users will not be caught out.

Reports began appearing about a DM (a private message, in Twitter speak) that people were receiving, which said something along the lines of:

Each one included a shortened URL or a link beginning with “http://videos”.

Any users who clicked the link were taken to a page purposely designed to look exactly like the Twitter home page, and they may have been duped into thinking they had to log in again to see the video. Once they logged in, they had just given away their username and password to our (not so) favourite arsehole, the phisherman.

How people are caught out

The unwary clicked the link for two reasons.

Firstly, they have been sent a Direct Message (DM). In Twitter you can only receive a DM from someone you are following who is also following you back, so a DM is seen as more trustworthy, IF and only IF you have been careful about who you follow back. Those who use the auto-follow-back functions provided by third-party sites are wide open to this type of scam.

The second reason is that URLs (web page addresses) or links in Twitter usually take the form of a shortened URL, a requirement on Twitter to conserve space given the 140-character limit. This makes it incredibly difficult to decide in advance whether the link you are about to click leads to a legitimate site or not.

How the phishing scam gathers momentum

It only takes one account to be hacked for a phishing scam to gain momentum, so the most dangerous time is the scam’s initial deployment, when users get caught out. This is where the viral nature of social media can be a disadvantage, especially if the scam has the functionality to spam automatic DMs to the account’s followers. Let me illustrate:

  1. Scam launched at a person from an existing account.
  2. User gets the phishing DM and clicks the link.
  3. They log in to the phishing site and the username and password are captured.
  4. The scammer immediately takes control of the account and sends a DM to all the followers with the phishing link (say 100 people).
  5. 10% of those getting the DM from a trusted source click the link and give their details to the scammer (10 new accounts).
  6. Scammer takes the 10 accounts and DMs all those followers (100 followers per account x 10 new accounts = 1000 new victims).
  7. 10% of the 1000 click the link, and the trend continues exponentially.
  8. The scam goes viral and everyone gets really pissed off with phishing scam arseholes.
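The chain above is a simple branching process, and putting the post’s own figures (100 followers per account, a 10% click-and-login rate) into a few lines of code makes two things visible that the list alone does not: how fast the numbers compound, and that the spread only continues while each victim yields more than one new victim on average. This is an added illustration, not code from the original post; it assumes every compromised account DMs all its followers, all accounts have the same follower count, and followers do not overlap, so it is a ceiling rather than a forecast.

```python
"""Toy model of the DM-driven phishing spread (added example, not from the post).

Assumed simplifications: fixed follower count per account, fixed
conversion rate, no overlapping followers, every hijacked account DMs
everyone immediately. Expected values are kept as floats so that small
rates are not truncated to zero.
"""


def simulate_spread(followers_per_account=100, conversion_rate=0.10,
                    rounds=3, seed_accounts=1):
    """Return [(round, new_victims, total_victims), ...].

    Round 0 is the account(s) the scammer already controls. In each later
    round the accounts compromised in the previous round DM all their
    followers, and a fraction `conversion_rate` of those recipients log in
    on the fake page and are compromised in turn.
    """
    history = [(0, seed_accounts, seed_accounts)]
    compromised = float(seed_accounts)   # expected victims this round
    total = float(seed_accounts)
    for r in range(1, rounds + 1):
        recipients = compromised * followers_per_account
        compromised = recipients * conversion_rate
        total += compromised
        history.append((r, round(compromised), round(total)))
    return history


def growth_factor(followers_per_account, conversion_rate):
    """Expected new victims produced per victim.

    Above 1.0 the scam grows each round; below 1.0 it dies out by itself.
    Anything that lowers the conversion rate (URL previews, users warning
    each other, smaller follow-back lists) pushes this number down.
    """
    return followers_per_account * conversion_rate


if __name__ == "__main__":
    for rnd, new, total in simulate_spread():
        print(f"round {rnd}: {new:>5} new victims, {total:>5} total")
    print("growth factor at 10%:", growth_factor(100, 0.10))
    print("growth factor at 0.5%:", growth_factor(100, 0.005))
```

With the post’s numbers the growth factor is 10, which is why three rounds reach four figures; the same network with a half-percent conversion rate has a growth factor below 1 and the campaign fizzles without any takedown.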

Not a pretty situation… and the knock-on effect is that many people use the same password for Twitter as they do for their email accounts. That’s where the real problems begin, because the scammers then have intimate access to an email account, and they can try to log in to different networks, pretend they have forgotten the passwords, click the “forgotten password” buttons, and Ta DAaaa! A convenient email arrives with the new password.

Now they have access to a lot more than just twitter.

How to avoid becoming a phishing victim

There are a few ways to avoid these types of scams, but unfortunately none are 100% foolproof. A healthy amount of caution (paranoia!?) is always required: avoid using third-party auto-follow software or tactics (it makes life more difficult for the scammers), use different passwords for your accounts (Tim Nash made some startling discoveries on User Password Habits – very scary!) and stay informed about these scams, like the post Craig Edmonds wrote right here on CloudMixer about a similar Domain Name Appraisal Scam currently doing the rounds.

After that, it’s really down to trusting in the common sense you were born with and the common sense of your network!

TweetDeck users take note

TweetDeck can help you here. If you use TweetDeck (you should, imho!), click the settings button at the top right and in the General settings window tick the box marked:

Show Preview information for short URLS.

To activate it you may need to restart TweetDeck. It’s a little annoying if you click a lot of links, but if it stops you becoming a victim of phishermen arseholes then it’s worth it. After activating this option, every time you click a link in TweetDeck it will pop up a small window with more details about the destination link, helping you decide whether it’s authentic or not. Not perfect, but every little helps!
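The preview only helps if you then read the destination properly: the phishing page in this scam sat on a host that merely started with a familiar-looking name, and shortened links tell you nothing until they are expanded. The check below, an added example that is not code from the post or from TweetDeck, shows how to judge a destination link by its registrable domain rather than by whether the word “twitter” appears somewhere in it. It assumes a small allowlist of trusted domains and a constructed list of URL shorteners, and uses a “last two labels” rule for the registrable domain, which is fine for .com-style domains but would need the Public Suffix List for domains like example.co.uk.

```python
"""Classify a destination link by its registrable domain (added example).

Assumptions: TRUSTED_DOMAINS is the allowlist you care about; KNOWN_SHORTENERS
is a constructed sample list; the registrable domain is taken to be the last
two DNS labels, which is a simplification for illustration.
"""
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"twitter.com"}              # assumed allowlist
KNOWN_SHORTENERS = {"bit.ly", "tinyurl.com"}   # constructed sample list


def classify_link(url, trusted=TRUSTED_DOMAINS, shorteners=KNOWN_SHORTENERS):
    """Return 'trusted', 'shortened', 'lookalike' or 'other'.

    'shortened' means the link must be expanded (e.g. by TweetDeck's preview)
    before it can be judged at all. 'lookalike' means a trusted brand name
    appears in the address but the registrable domain belongs to someone else.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "other"

    # Only the registrable domain decides trust: "videos.twitter.com.example.net"
    # is owned by whoever owns example.net, no matter how it starts.
    labels = host.split(".")
    registrable = ".".join(labels[-2:])
    if registrable in trusted:
        return "trusted"
    if registrable in shorteners:
        return "shortened"

    brands = {d.split(".")[0] for d in trusted}
    # A brand name buried in the host or in the user-info part before '@'
    # (which browsers ignore when resolving the real host) is a classic sign
    # of a page dressed up to look like the trusted site.
    suspicious_text = host + " " + (parts.username or "").lower()
    if any(brand in suspicious_text for brand in brands):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # Constructed sample links; none of these point at a real phishing page.
    for link in [
        "http://twitter.com/home",
        "https://www.twitter.com/login",
        "http://videos.twitter.com.example.net/login",
        "https://twitter.com@evil.example/login",
        "http://bit.ly/a2eO7",
        "http://example.org/",
    ]:
        print(f"{classify_link(link):<10} {link}")
```

The useful habit the code encodes is to read a hostname from the right: the label before the top-level domain is the owner, and everything to its left is whatever that owner chose to call it.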

Other phishing stuff

To see the latest information about the Twitter phishing scam, check out the feedback from Twitter users on the subject.

Other examples of scams on Twitter, and the rather tasteless, if not disgusting, methods they employ, can be read about on Mashable regarding the abduction of a child, known as the “98B351” scam because of the car registration plate apparently used in the fictitious abduction.

The details of which make me sick to my stomach, and quite honestly I would love to find the arsehole who thought of this and beat their damn brains in.

Be careful out there all, don’t become a phishing victim!


Topics: New Media News, Social Media, Twitter
