Recently I received an email allegedly sent to me by one of my new Twitter followers. When I clicked on the link I was taken to a site that offered up a fake Twitter login page that indicated my Twitter session had expired and asked for my login credentials. Clearly this was a phishing attack and it reminded me that Twitter, like other social networking services, has security risks. The point is you need to be careful when using Twitter and other social networking services.
Be Careful Clicking on Shortened URLS
URL shortening services are both a benefit and a curse for Twitter. They shorten URLs in your tweets to help keep your character count down but they also mask the original URL. If you can see a whole URL you can sometimes figure out that the link may be bogus, like when http://www.twitter.com is replaced with something like http://www.twtter.com. You can avoid getting tripped up by malicious URLs by taking these precautions:
- If you navigate to a web page like the one I’ve included here, do not enter your Twitter login credentials.
- Check the URLs you click on from shortened URLs and make sure they do not have missing characters in what appear to be normal company names within the expanded URLs, like twtter, facbook, etc.
- Check the web pages that you accidentally browse to make sure they belong to the companies they represent.
- Use the Browser Toolbar that comes with Trend Micro™ Maximum Security. This tool rates URLs in your Twitter feeds indicating whether the shortened URLs point to legitimate or malicious sites.
- Watch out for scams that are sent in direct Twitter messages like this one and make sure you follow tips 1 – 3 when you click on links contained in these messages.
Connect to Twitter Securely
If you login to your Twitter account with simple HTTP, your login credentials can easily be picked up by anyone sniffing packets on your network. You can avoid this problem by using secure HTTP or HTTPS. Just type in “https://www.twitter.com” and your login information will be transferred over encrypted connections. You should do this with all your other social network accounts.
Watch What You Post on Twitter
I don’t think anyone is silly enough to tweet their login credentials, so I won’t get into that.
But when I suggest that you tweet cautiously I’m not just talking about login information. You shouldn’t reveal your location or home address on Twitter either, particularly if you are not home. Resist the temptation to tell your followers that you are vacationing and having a great time in Bali, or wherever, far from home. Don’t forget that with Twitter your posts go out over the public timeline for everyone, not just your followers, to see. You may be telling some less then scrupulous people on Twitter that your home is ripe for the breaking into.
Being discreet on Twitter is an equally good practice. Avoid using offensive language and tweeting things that are overly provocative. Airing your dirty laundry about who you don’t like, and why, what you hate about your job or threatening people, even if you think you are kidding, can only get you in trouble. If you follow the tips I discuss in my blog Pinterest is Fun, But There Are Privacy Risks, you should be OK.
Author: Vic Hargrave