New Targets
Tweet Safely: Twitter Scams to Dodge
By Michelle V. Rafter
Monica Bhide didn’t realize what was happening when she innocently clicked on her friend’s Twitter page.
The stream of messages coming from her friend’s account was so strange that Bhide, a cookbook author from Tysons Corner, Va., clicked over to the friend’s Twitter profile page to investigate.
That simple action was all it took for a worm that had infected Bhide’s friend’s Twitter account to attack hers as well. In a split second, the Mikeyy worm, dreamed up over Easter weekend by a bored 17-year-old according to news reports, was forwarding the same stream of strange messages to all of Bhide’s Twitter followers.
All this happened only days before Bhide’s new cookbook was out in bookstores, and in preparation, she’d linked her Twitter updates to automatically appear on her Facebook page, which was quickly filling up with worm-infested junk. “It was a little unnerving,” she says.
Welcome to the wonderful world of Twitter, the microblogging platform that’s attracting new users by the millions -- Oprah and Barbara Walters are some of its new fans. As more people discover Twitter, the viruses, phishing attacks, spam and other scams that have been the bane of larger social networks such as Facebook and MySpace have followed.
Thankfully, the Mikeyy virus wasn’t especially dangerous or damaging. But other Twitter hacks have attempted to con people out of their phone numbers, passwords and other personal information. As the network gets bigger, online security experts encourage Twitter users to be more cautious.
“Nothing catastrophic has gone through Twitter yet because the community isn’t as big as Facebook or LinkedIn, but it’s growing incredibly fast,” says Andy Hayter, an anti-malware program manager at ICSA Labs, a Mechanicsburg, Pa., security industry testing and certification organization. “This was a wake-up call to Twitter users that they are vulnerable.”
So, if you’re going to use Twitter, be aware that many of the same types of scams you need to protect yourself against on email, on the Internet and on social networks are being perpetrated on Twitter, too.
Twitter Scams
The first step is to educate yourself. Here are some Twitter scams to watch out for:
- Worms: According to Twitter and security industry officials, the Mikeyy worm used a common Website programming language called JavaScript to infiltrate and take over Twitter accounts. Other worms use known vulnerabilities in JavaScript to spread malware on PCs.
- Phishing attacks: According to Twitter, recent phishing attacks looked like a direct message (DM) or email notice of a DM instructing someone to click on what appears to be a link back to the service. But in reality, the link went to a phishing site that asked for personal information like an account password. Phishers used the divulged passwords to take over people’s accounts.
- Spam: Scams hawking get-rich-quick schemes, multi-level marketing opportunities and other questionable businesses that flood email inboxes and blogs are all over Twitter. One of the latest: a phony Twitter account that tricks people into a Google scam by promising them the chance to win a new car.
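The phishing messages described above depend on a link that looks like it leads back to Twitter but does not. The following check is an added example, not part of the original article or any Twitter code; it compares where a link really points with what its text shows, and the function names, the trusted-host list and the placeholder domain phish.example are assumptions made for illustration.

```javascript
// Added example: constructed inputs; "phish.example" is a placeholder domain.
const TRUSTED_HOSTS = ["twitter.com"]; // assumption: the service's real domain

// True when host is a trusted domain or a subdomain of one.
function isTrustedHost(host, trusted = TRUSTED_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return trusted.some((t) => h === t || h.endsWith("." + t));
}

// Extract a hostname from visible link text, or null if the text is not URL-like.
function hostFromText(text) {
  const m = text.trim().match(/^(?:https?:\/\/)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)/i);
  return m ? m[1].toLowerCase() : null;
}

// Decide whether a link in a message really leads to the trusted service.
function checkLink(displayText, href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { ok: false, reason: "unparseable-url" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: "non-web-scheme" };
  }
  // A trusted name placed before "@" is userinfo, not the destination host.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo-in-url" };
  }
  // Punycode labels can render as look-alike characters.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-host" };
  }
  if (!isTrustedHost(url.hostname)) {
    // Text that names the trusted site while the target does not is the phishing pattern.
    const shown = hostFromText(displayText);
    const reason = shown && isTrustedHost(shown) ? "text-host-mismatch" : "untrusted-host";
    return { ok: false, reason };
  }
  return { ok: true, reason: "trusted-host" };
}
```

A mail filter or browser extension could run a check like this on every link in a DM notice and warn on any result where `ok` is false.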
Defending Yourself
Cybercriminals rely on social engineering (which is a means of manipulating people into doing things they wouldn’t otherwise do) to con their victims. The best way to defend yourself on Twitter is to interact only with people you know and trust, says Hayter, the ICSA Labs malware expert. Of course, this advice is not likely to appeal to people who are keen on building up a big network of Twitter followers. So in that case, be careful about which links you click on, Hayter says. If something looks odd, leave it alone.
What else can you do? Here are some recommendations:
- Reboot an infected account. If your Twitter account gets the Mikeyy worm or one like it, remove it by closing any Twitter utilities you have running, disabling JavaScript on your Web browser, deleting any Twitter messages you didn’t create and then picking a new password. Or if Twitter has locked your account, request that the company reset the password for you.
- Block JavaScript. All the major Web browsers allow you to block JavaScript. In most browsers, the controls are found in the Tools: Internet Options section. A Firefox add-on called NoScript gives you the ability to run JavaScript only on Websites you approve.
- Keep operating systems patched and use anti-virus and anti-malware programs. Download operating system patches or service packs on a regular basis to make sure your system is protected from the latest worms and phishing attacks, Hayter says. The same goes for anti-virus and anti-malware programs: those defenses won’t work against new threats like the Mikeyy worm if you don’t keep them updated, he says.
- Report problems. Use an account Twitter set up called @spam to report spam and other suspicious activity on the service.
- Stay informed on new attacks. Twitter runs a Twitter Status page to inform users of system problems like worms or phishing attacks that you can consult if you run across something that looks suspicious.
After Bhide’s Twitter account was infected she immediately posted a note about the problem on Facebook where another friend saw it and pointed her to step-by-step instructions elsewhere online to get rid of the bug. Bhide says the experience won’t keep her off Twitter, but it has made her more cautious. “Worms and viruses are part of our world now so I think I should do a little more to protect myself,” she says.