Monday, April 26, 2010

How Your Facebook Gets Phished and Your Twitter Gets Taken

Last summer I felt like a rockstar on Twitter. I had finally got into the groove, comfortable with "tweeting", and I was gaining followers like never before. Over ten follower emails a day were coming into my inbox, announcements like "Benjamin White is now following you on twitter" ... I was getting pretty good at this social media thing! By the end of one week, when I should have had a few hundred followers, I still only had 70. Something wasn't adding up but I was too busy to figure out why, so I assumed people were just rapidly following, then un-following me as some kind of retarded marketing tactic. Then it started getting out of control... 30, 40, 50 new followers a day. It was becoming a nuisance, cluttering up my Gmail, so I logged into Twitter to turn off those annoying email alerts. When the alerts kept coming, that's when I knew. Nobody was following me. Twitter wasn't sending me those emails. It was phishing.

Phishing is simple. You get a phony email that's designed to look like it's from a legitimate website. People click on those emails, thinking they need to accept a new friend or respond to something, and the hook is set. Once they "log in" to that faux website, it's over; they are caught. Phishing goes on not just for Twitter or Facebook, but for eBay, Yahoo! and YouTube. It's all over the net. It's especially bad for people who use the same login and password for more than one online account. Criminals know everybody keeps this simple: once they have your login to Facebook, it's highly likely they can get into your webmail and then into other accounts.

I never clicked on the announcement emails directly; I learned years ago working (at eBay actually) that this is a no-no. Instead I went directly to see who my so-called new followers were. Even then it took a couple of weeks for me to figure out that I was being bombarded by phishing emails, and I knew better. Still, I have different logins for everything, and Gmail is excellent at figuring out what is spam and what is real.

There are other ways you can get phished, for example right within Facebook. Phishing does not have to come through your email. On any website where you can chat or receive messages from other people, you can get phished. The only rule anybody should try to remember is: don't click on links in a message that take you to an outside site where you have to log in. Just go to the outside site and type in that address yourself if you want to see that video, friend request, or special prize. Also, encourage your friends not to send you information that's not relevant to you.

1 comment:

  1. Here's an article from the BBC from November 24, 2010 about this exact issue. Apparently 20% of Facebook feeds contain malware. I wonder how much money that research firm made for figuring out the obvious.... Just ask somebody who works in tech!