How to avoid Twitter phishing attacks
Over the weekend we noticed a fair few users fall victim to phishing attacks on Twitter.
We thought we’d give you a bit of advice on how they work and how to avoid them.
What is a Phishing attack?
Wikipedia defines phishing as “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” On Twitter these attacks generally try to get you to hand over your username and password so that your account can be used for further phishing, which can be damaging to your brand or business.
How do these happen?
Usually you will receive a tweet or DM from someone you know or follow, someone you may have done business with in the past or are looking to in the future. The message will be along the lines of:
Is this you in the video?
Is this you in this picture?
Here’s a blog post. You’re mentioned in it.
When you click the link you are taken to a site that looks like the Twitter login or reset-password screen. However, you should always check the URL: these addresses are either made to look like the real Twitter address or are just a selection of letters.
This is how you can tell that it isn’t a genuine link. Twitter should never ask you to input your details when clicking a link. Always check the URL.
Be especially careful on tablets and phones because the fake address may be almost illegible on the small screen of a mobile device.
If you aren’t absolutely certain of the source, then don’t click the link. If necessary, go to a desktop computer where you can more easily see details of the address.
If you are in any doubt, message the sender and ask them to verify whether they sent it. Often they won’t have noticed that their account has been sending multiple spam messages.
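The URL check described above can also be done mechanically. The following is an added example, not part of the original post: it extracts the host a browser would really visit and compares it with the genuine domain. The trusted-domain list, the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain a genuine Twitter link should resolve to.
TRUSTED_DOMAINS = ("twitter.com",)

def check_link(url):
    """Return (verdict, host): the host is what the browser would really visit."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("suspicious: malformed address", "")
    if parts.scheme != "https" or not host:
        return ("suspicious: not an https web address", host)
    if parts.username is not None:
        # In "https://twitter.com@other.example/", the real site is after the "@".
        return ("suspicious: real site is hidden after an @", host)
    if not host.isascii() or "xn--" in host:
        # Non-Latin letters can imitate Latin ones; treat them as untrusted here.
        return ("suspicious: lookalike characters in the address", host)
    for domain in TRUSTED_DOMAINS:
        # Accept the domain itself or a true subdomain of it, nothing else.
        if host == domain or host.endswith("." + domain):
            return ("ok", host)
    return ("suspicious: not a Twitter domain", host)

# Constructed sample links (not taken from real attacks).
SAMPLES = [
    "https://twitter.com/login",
    "https://support.twitter.com/articles/31796-my-account-has-been-compromised",
    "https://twitter.com.account-verify.example/login",
    "https://twitter.com@login.example/reset",
    "https://twltter.example/login",
    "https://tw\u0131tter.com/login",   # dotless i in place of "i"
    "http://xkqzvbw.example/twitter.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, host = check_link(link)
        print(f"{host or '?':40} {verdict}")
```

Only the first two samples come back as "ok"; in the others the word "twitter" appears somewhere in the address, but the host the browser connects to is a different site.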
What to do if my account has been compromised?
The Twitter website has a guide on how to deal with an account that has been attacked.
The guide can be found here: https://support.twitter.com/articles/31796-my-account-has-been-compromised
If you have any questions, do feel free to drop us an email or a tweet. We’re @wbsteam.