How the hack?

Listen to the audio version

 

hacker

photo credit: devdsp via photopin cc

More and more of us are receiving strange and sometimes upsetting Direct Messages through our twitter account these days. “This blog is about you” “is this you?” “someone said this really bad thing about you…” Never, ever follow any of the links associated with these messages!

What I find most unsettling is that often these messages appear to be sent by accounts that I follow and value. No - these accounts didn’t cross over to the dark side of Cyber-junk! Most of these attacks are caused by computers that are infected by viruses that have nothing better to do than collecting your personal data and spreading themselves through your Social Media channels like Twitter and Facebook.

Of course your friends or favourite brands didn’t suddenly turn into vicious cyber-criminals. Most will not even notice that their account is spreading dangerous malware. But the damage done by these accounts can be very serious. An attack like this signals that your computer security was breached and that the personal information stored on that computer is potentially vulnerable. A number of your followers will unfollow you or even report you for spreading malware messages.

I am no specialist on Internet security so I consulted the blog of my Computer Support Specialist and friend Cate Eales (@catester). Lo and behold she just published one of her great “hands on” computer advice posts “What happened” about how to protect your computer from these kind off attacks.

I am following Cate’s advice and have changed my security software to her recommendations and (knock on wood) none of the accounts I handle have been compromised so far. Cates post is well worth reading but let me point out two of the statements that I keep repeating to anybody that wants to hear them (or is to polite to leave):

  1. “Think before you click” If it sounds too good to be true, it usually is. We all learned as kids “don’t go with strangers”. The same goes for emails from strangers or Social Media updates that sound too good to be true. If you are not sure if the offer you are given is genuine or not. Use the power of Social Media and ask the account that sent is for confirmation. Malware can’t read and answer (yet).
  2. Use a browser add on like “Web of Trust” I love this little helper that puts a little red circle behind every link that was previously reported as untrustworthy. I also use it to qualify new Twitter followers (stay tuned for a webinar and blog post on this)

 

Now it happened to you - your Twitter account sent out a gazillion DMs asking people to follow a malicious link. You are embarrassed and wade through piles of emails complaining about your messages. You are not aware of any wrong doing and you certainly didn’t open an online business selling drugs.

How could it happen?

  • May be a scam was smart enough to lure you in? (don’t feel bad there are scores of programmers that try hard to trick you)
  • Someone else using your computer was tricked without noticing it?
  • A third party application you authorized was hacked?

 

What can you do? I found a very good support article in Twitter’s own Help Center

  1. Change your password - use a strong one with a combination of capitals, lower case, letters and numbers that you aren’t using anywhere else
  2. Make sure you tell all your programs and trusted applications your new password
  3. Revoke access to applications that you authorized on Facebook or Twitter unless you use them regularly
  4. Most of my clients are surprised when I show them the amount of programs they authorized over the years
  5. Monitor your Social Media platforms daily! Include a look at your “sent tweets” and “sent messages”
  6. Share what you learned with your friends! Help your friends stay safe and save them from danger. If you receive a suspicious message or see a known scam on someone’s Facebook wall - send them a message and tell them how to protect themselves

Update: Here is a great service that reminds you to check your authorizations once a month and goes through all of them: http://mypermissions.org/

0
0
0
0
0 SHARES
Frithjof

Frithjof

I am the the founder of BlueBird Business Consulting (formerly Tweet4Ok). My focus is on Social Media strategy and education. My blog covers topics ranging from how-to social media posts to more general topics of concern for a rapidly changing digital world. Favourite quote: “To succeed in the business of the future we have to become the very people we are trying to reach” ~ Brian Solis
Frithjof

@bluebirdbc

Digital Media strategy and integration. Websites that work! FixMy #WordPress #SocialMedia educator. 30 day Email list Bootcamp
Get instant Twitter insights with Riffle by @CrowdRiff, a free Chrome extension http://t.co/b04LhCwlJ6 - 28 mins ago
Frithjof
Frithjof

Related posts:

tightropeWalking the tightrope Your Top 10 Uses for Twitter What Metric Is Important To Measure Your Social Media Success? Avoid Most Auto-DMs on Twitter
YARPP

Tags: , , , , , , ,

3 comments
  Livefyre
Newest | Oldest
What The Hack 5pts

I don't know whether it is Facebook or some other Apps of other sites like the social dating sites which request you grant permission like posting on wall and sending request to your friends on your behalf. There was one such incident that had happened 6 months ago on my Facebook account. Somebody had posted a video link and when you click on that video, it will automatically use all authorization to post on your friends wall as well. So that link started getting spread virally. So that had really annoyed me. I appreciate your feedback.

What The Hack 5pts

Yes, some advertisers are targeting peoples' social media accounts in order to drive traffic to their website and sell their products. Facebook is one such website where such viral marketing techniques are implemented using various apps.

Frithjof
Frithjof 5pts

Hmmm I'm not sure if I understand your comment right - It's important to point out that Facebook itself is not sending malware links. It's outside apps that are the weak spot

Clef two-factor authentication