All Things Upwork
May 20, 2009 by Frank Higgins


With Twitter’s monumental growth, there has been an increase in the number of scammers looking to exploit individuals for profit, either through the technology itself or through “social engineering”. Many of the same security disciplines required when using email or the web in general now apply to Twitter.

Sounds Phishy: Just as with email, a direct message or invitation to click a link has to be judged before you follow it. There have been many instances of scammers inviting tweeps to follow a link with a phrase such as “Who posted that pic of you on Twitter!!!!” Any tweep following the link is directed to a fake Twitter logon page or a similar data-gathering page. With enough data, any scammer can fill in the rest.

Give me your security question answers: This was an excellent example of social engineering. The recent Twitter porn names scam was simply a hashtag trend that invited people to create a “porn name” by combining various common security question answers, such as your pet’s name. Once someone tweeted this info, the scammers had the username and a selection of common security question answers. A few trips to Yahoo Mail or Gmail would probably get them into someone’s bank account.

Sure buddy, just send me your credit card number: Tweet about how much you want Product X. A certain scammer will befriend you, posing as an employee of the company that makes Product X. After he builds up a little trust, he will offer you Product X at a special, insider price. Email him your credit card or bank info, and it’s game over.

Phone Home: “You have just won a free cell phone!” the tweet says. Click the link, fill in your cell number and basic details, and you will simply be auto-enrolled in a $20/month horoscope (or similarly unwanted) text-message scam delivered straight to your phone.

Worming in: Another recent Twitter attack, more benign than malicious, was one in which an industrious but “bored” hacker used a JavaScript exploit to take over Twitter accounts and spam Twitter. Titled “Stalkdaily” or “Mikeyy”, it owned Twitter for a few days. In honesty, this was Twitter’s problem and not the users’; users who accessed Twitter through third-party software clients like TweetDeck were immune. In the hands of a more ill-intentioned individual, this exploit might have delivered a few sad stories.

If we missed any, simply tell us in the comments or link to the info. Safe tweeting.