By now we have all heard about the Twitter accounts that got hacked.
It was really an easy hack that was probably perpetrated by someone on winter break, and not someone from NASA (if you know what I mean).
It is also partially the fault of the people who responded and hence got hacked.
Here is what happened.
I received this e-mail. It was a direct message via Twitter:
Alicia Carr via Twitter
Hey, i found a website with your pic on it… LOL check it out here http://twitterblog.access-
Alicia Carr / journeyofchange
follow me at http://twitter.com/
reply on the web at http://twitter.com/direct_
send me a direct message from your phone or IM: D JOURNEYOFCHANGE your message here.
turn off these email notifications at: http://twitter.com/account/
This was one of many e-mails that I received over the weekend that were most likely part of the scam.
If you were to click on the links, you were directed to a look-alike Twitter sign-in page.
Unsuspecting individuals signed in to the page, thus giving up their passwords, and voilà.
As I showed you above, this particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages and provided a link. That link redirects to a site masquerading as the Twitter front page. Look closely at the URL field; if it has another domain besides Twitter but looks exactly like our page, then it’s a fraud and you should not sign in. Here are some basic tips on how to avoid Phishing scams.
It’s called Phishing
According to Twitter:
This morning we discovered 33 Twitter accounts had been “hacked” including prominent Twitter-ers like Rick Sanchez and Barack Obama (who has not been Twittering since becoming the president elect due to transition issues). We immediately locked down the accounts and investigated the issue. Rick, Barack, and others are now back in control of their accounts.
The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We’ll put them back only when they’re safe and secure.
So, what’s Twitter going to do about it?
We plan to release a closed beta of the open authentication protocol, OAuth this month but it’s important to note that this would not have prevented a Phishing scam nor would it have prevented these accounts from being compromised. OAuth is something we can provide so that folks who use third party applications built on the Twitter API can access their data while protecting their account credentials.
Phishing can become dangerous when criminals get your account numbers.
The FDIC has created this webpage to inform and warn consumers about a type of fraud called “phishing.” The term “phishing” – as in fishing for confidential information – refers to a scam that encompasses fraudulently obtaining and using an individual’s personal or financial information.
This is how it works:
- A consumer receives an e-mail which appears to originate from a financial institution, government agency, or other well-known/reputable entity.
- The message describes an urgent reason you must “verify” or “re-submit” personal or confidential information by clicking on a link embedded in the message.
- The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in “phishing” scams, the Web site belongs to the fraudster/scammer.
- Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer’s mother or the consumer’s place of birth.
- When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person’s identity.
The best thing to do is:
- If you want to sign in to an account, NEVER FOLLOW THE LINK FROM AN E-MAIL.
- Always go to the site directly from your saved bookmark or by typing in the address.
- Be aware of what is in your address bar before you start typing.
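The address-bar check described above can be done mechanically on the links in a message before anyone clicks. This is an added example, not code from the original post or from Twitter; the hosts in the sample e-mail are constructed, and `classify_link`, `scan_message`, `TRUSTED_DOMAIN` and `BRAND` are names assumed for the illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "twitter.com"  # assumption: the one site we expect to sign in on
BRAND = "twitter"               # name a look-alike host would borrow
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample modelled on the notification e-mail; every host is made up.
SAMPLE_EMAIL = """\
Hey, i found a website with your pic on it... LOL check it out here
http://twitterblog.lookalike.example/login
follow me at http://twitter.com/example_user
reply on the web at http://twitter.com.signin.example.test/direct
more pics: http://twitter.com@login.example.test/
"""


def classify_link(url, trusted=TRUSTED_DOMAIN, brand=BRAND):
    """Return 'trusted', 'lookalike' or 'other' for a single URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # lower-cased, no port or userinfo
    # The trusted name must be the whole host or its right-most labels;
    # appearing somewhere inside the host is not enough.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Brand shows up in the host or in the user@ part, yet the site that
    # receives the password belongs to someone else.
    if brand in parts.netloc.lower():
        return "lookalike"
    return "other"


def scan_message(text):
    """Classify every http(s) link found in a message body."""
    return [(u, classify_link(u)) for u in URL_RE.findall(text)]


if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_EMAIL):
        print(f"{verdict:10} {url}")
```

Only the second link in the sample is on the real domain; the other three carry the brand name in a subdomain, in a prefix of someone else's domain, or in the `user@` part of the URL.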