I was not surprised by the recent phishing scam that hit twitter over the weekend, were you?

We have hit 2009, and some people started their case for world dominance before me, damn you. Over the past couple of days Twitter has been all abuzz over a phishing scam that someone is running. While the scam seems to only be a way to send out spam to your followers, here we go again with the what-if scenarios.

What is phishing?

(wikipedia.org description)
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites.

So now that you know what phishing is, let me tell you why it's gonna be around for a long time. Users are gullible: sometimes we click things we should not, sometimes we are curious, sometimes the joke is on us. Gone are the days of sending you to a website that pops up 50 windows so it's like a Duck Hunt game trying to shoot your way out of the maze. Now what people, thieves, and yes sometimes companies, do is make you think that what you saw was real.

Twitter has an API that has been open for a long time, and its authentication has always been a question for me. Developers have no behind-the-scenes way to authenticate with Twitter other than having users enter their real username and password on a third-party site.

What makes this phishing scam work is all the fail whale and network issues of the past. When people saw the screenshot below, at first glance they thought, oh, here we go again, Twitter is on the fritz. What most failed to do was simply look at the URL and see that it was not twitter.com serving up the page.

Will this ever stop?

Probably not, but if you have other sites where you socialize you will notice some distinct things they do to help curb users from falling victim. A lot of other sites with open APIs let you keep one password to log on to the service itself; then, when you want to log in from or tie your account to another site, they give you an alternative password for that purpose. This helps ensure you don't give out your real login password and, shall we say, hand over the keys to the house. Twitter knows all about this authentication method; why they have chosen not to implement it is beyond me.
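The "alternative password" scheme described above, sketched as an added example (my code, not Twitter's or any other site's implementation): each third-party app gets its own credential, the service stores only a salted hash of it, and revoking one app never touches the user's real login password. The data model and PBKDF2 round count are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000  # assumed tuning value; raise for a real deployment


@dataclass
class AppPassword:
    app_name: str
    salt: bytes
    digest: bytes          # PBKDF2 of the secret; plaintext is never stored
    revoked: bool = False


@dataclass
class Account:
    username: str
    app_passwords: Dict[str, AppPassword] = field(default_factory=dict)


def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


def issue_app_password(account: Account, app_name: str) -> str:
    """Mint a separate credential for one third-party app. The plaintext is
    returned exactly once; the real login password is never involved."""
    token_id = secrets.token_hex(4)          # public lookup key
    secret = secrets.token_urlsafe(24)       # the part the app must keep safe
    salt = secrets.token_bytes(16)
    account.app_passwords[token_id] = AppPassword(app_name, salt, _derive(secret, salt))
    return f"{token_id}.{secret}"


def verify_app_password(account: Account, presented: str) -> Optional[str]:
    """Return the app name if `presented` is a live app password, else None."""
    token_id, sep, secret = presented.partition(".")
    record = account.app_passwords.get(token_id)
    if not sep or record is None or record.revoked:
        return None
    # constant-time compare so timing does not leak how many bytes matched
    if hmac.compare_digest(_derive(secret, record.salt), record.digest):
        return record.app_name
    return None


def revoke_app_password(account: Account, app_name: str) -> int:
    """Revoke every credential issued to one app; returns how many were revoked."""
    hits = [r for r in account.app_passwords.values() if r.app_name == app_name and not r.revoked]
    for r in hits:
        r.revoked = True
    return len(hits)
```

A phished app password only unlocks that one app's access and can be cut off with `revoke_app_password`, which is exactly the property the user's real password lacks.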

I think it's time Twitter gave it a second look; otherwise I foresee some people changing their strategy of using Twitter as their first line in microblogging and moving on to something like FriendFeed, Brightkite, or even Jaiku (no one really uses Jaiku, so I'm only kidding on this one). None of these sites do things much better, but when people get fed up they move on to the next ship.

Remember, boys and girls, your password is a very important thing. I blogged about this here in "I wonder how many computers will be infected", and I still feel people are sleeping on good passwords for access to their online life. Keep your password in your pants; that way no one can steal it, for the most part. But seriously, just be aware of what's going on, and remember two things if nothing else from this post:

  1. No, the king of some small country does not really want to deposit 28,000,000 in your account.
  2. Your bank will never send you anything online saying to change your password because it's been compromised.

Twitter, get it right or get lost. Oh, and don't forget to follow us on twitter.com/thebtr.

TBTR


One Response to “I was not surprised by the recent phishing scam that hit twitter over the weekend, were you?”

  1. One of the things I love about Google Chrome is that it makes the TLD stand out in the address bar.

    Just started following you on Twitter and am looking forward to what you have to say.
