Found A Funny Picture Of You!
If you found this blog post through a search engine result, the odds are it might already be too late and you were an unfortunate victim of a recent phishing attempt on popular social media sites like Twitter and Facebook. For the rest of you, hopefully you were forwarded this link and were advised of the potential harm this can do to your social media account(s).
The phishing attempt is quite sneaky. On Twitter, it’s usually a friend/follower that sends you a direct message that says something along the lines of “Found a funny picture of you” or “Saw this nasty blog about you” followed by a link. When you click the link, you get prompted to log in again on a website that looks just like Twitter’s login page. However, it’s NOT! It’s a re-creation of the login page, built in hopes of luring you to sign in with your username and password, which then get delivered to the “hacker” in question.
What happens next really depends on the hacker’s intentions. Some simply do it to spread a link and get as many clicks and page views on a URL as possible. Others – and this is the worst-case scenario – use your Twitter password to try and get deeper into your social network or related sites. Since most of us like to use one password everywhere, they then go to Facebook and log in with your password, or try other important websites like banking or eBay.
In some situations, your password might get changed right away, making your account useless and technically not yours anymore! Of course, there is always the password reset feature on Twitter that sends your password details to your email address, so hopefully you catch this before your email address is changed.
As a best practice across the web, NEVER click on a link you receive via email, Facebook, Twitter or any other site to log in. Most banks and websites like PayPal and eBay have put this practice in place and simply ask you to log in, without any links, forcing you to go to your browser and type in the address rather than clicking on a phony link.
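The look-alike login page described above is given away by the host name in the link, not by how the page looks. As an added example (not part of the original post), this JavaScript check compares a link's real host with a short allow-list; `TRUSTED_HOSTS`, `classifyLink` and the sample links are assumptions constructed for illustration.

```javascript
// Assumption for this example: the sites you actually have accounts on.
const TRUSTED_HOSTS = ["twitter.com", "facebook.com"];

// Returns { verdict: "trusted" | "reject", reason } for a link received in a message.
function classifyLink(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // parses the way a browser does
  } catch {
    return { verdict: "reject", reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: "login pages must be served over https" };
  }
  // In "https://twitter.com@other.example/" the trusted name is only the
  // userinfo part; the browser connects to other.example.
  if (url.username || url.password) {
    return { verdict: "reject", reason: "text before '@' is not the host" };
  }
  // The parser lowercases the host; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // Punycode labels can render as letters that imitate a familiar name.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "reject", reason: "internationalized host name" };
  }
  // Exact match or a true subdomain. "nottwitter.com" and
  // "twitter.com.other.example" both fail this test.
  const site = TRUSTED_HOSTS.find((t) => host === t || host.endsWith("." + t));
  if (!site) {
    return { verdict: "reject", reason: `host ${host} is not on the allow-list` };
  }
  return { verdict: "trusted", reason: `host belongs to ${site}` };
}

// Constructed sample links (not taken from a real campaign).
const samples = [
  "https://twitter.com/login",
  "https://twitter.com.login-verify.example/login",
  "https://twitter.com@login-verify.example/",
  "http://twitter.com/login",
];
for (const link of samples) {
  const { verdict, reason } = classifyLink(link);
  console.log(`${verdict.padEnd(7)} ${link}  (${reason})`);
}
```

A shortened link is rejected by this check as well, because the shortener's host is what the link actually points to.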