Twitter users have become the focus of a wave of attacks targeting social networks.
Inevitably, the ballooning popularity of the micro-blogging site has brought a variety of scams, ranging from invitations to click on dodgy links to a fraudulent site set up by identity thieves.
One attack used thousands of Twitter addresses stolen in a phishing (identity theft) attack to post what purported to be a link to an interesting or exciting YouTube video. Instead, the link caused the user’s computer to download a variety of malware.
Another attack tried to lure users to an address called ‘Twittercut’, claiming that linking to this address would boost the user’s number of Twitter ‘followers’ (people reading your ‘tweets’). The link requests the user’s login and password details.
And a BBC presenter’s mistake highlighted still another Twitter problem: Jonathan Ross mistakenly posted his personal email address in a ‘tweet’, instead of just sending a private Twitter message, as he’d actually intended. As a result, his address was disclosed to more than a quarter of a million Twitter followers of his postings.
While the post was quickly deleted, a copy was still available through Twitter’s advanced search feature. It’s likely that Ross has since been forced to change his email address – not only to avoid being spammed into oblivion, but to (hopefully) deny online scammers the opportunity to send out all sorts of rubbish in his name.
Security expert Graham Cluley, of Sophos, said this was a serious problem and Twitter should take steps to ensure that problem posts can be deleted immediately from all parts of Twitter – not just the user’s current stream.
Twitter recently started testing a new verification system to deal with ‘cyber squatters’ – people who misappropriate a user’s identity and then use it to make misleading posts.
Of course, the speed and immediacy of Twitter is the key to its appeal. Pity some people are so intent on high-speed tweeting that they forget a fundamental rule of online communication: think before you send.
Meanwhile, security problems continue to plague Facebook. Symantec has observed a new wave of phishing attacks using a compromised Facebook account to send a malicious link to friends and direct them to a site that looks identical to the Facebook login page. Users are prompted to provide their login credentials, which are then used by the phishers to spread their attacks further.
Symantec advises users to beware of any messages sent from within a Web site, or that appear to be sent by that Web site, and to keep their security definitions updated. Consumers who use the same password for multiple accounts, including online shopping and banking, are most at risk.
Facebook has also been criticised by Cambridge University researchers, who claim it’s not doing enough to ensure that harmful photos are completely taken down. The researchers posted photos on 16 popular Web sites, then deleted them. Thirty days later, they found the direct links to the photos still worked on seven sites, including Facebook. The researchers said this indicated a “lazy attitude” towards privacy. Facebook insisted photos were deleted “immediately” but could still exist on its Content Delivery Network (CDN) – although only for “a short period of time”.