Abundant Caution Is Never Enough : Beware of StalkTrak

My apologies to the folks who got a DM from my Twitter account for about an hour this afternoon. 

Here is how I think this happened. I have a strict password policy for myself and change it frequently. I test new tools regularly and make sure that if a new tool asks for a Twitter login, it is through the Twitter API and not asking me to log in with a username and password.

Today I got a DM with this text: "I saw that you viewed my profiler earlier :D want to know how i found out? http://bit.ly/XXXXX" (I purposely added Xs so that the link is not clicked by mistake). I ignored it for a few hours, as it seemed sneaky anyway. I went back to this tweet a few hours later, curious if this was a feature to check out like LinkedIn's "Who viewed your profile". I am not sure if I was on a mobile device or my personal laptop, so I did not notice that the link actually goes to a phishing page.
It is always good practice to watch the address bar on your browser to make sure you are entering the link in a legitimate website, and that was the simple precaution that I did not take this time. I signed in on this page thinking it was a Twitter login. (Kicking myself now.)

If you want to see the phishing page, the link is http://hri.stalktrak.com/authorize_app_1/function.api.stalktrak.html (please be careful if you click this page). The correct URL to look for when using a Twitter auth is "https://api.twitter.com/oauth/authenticate?oauth_token=" followed by a string of characters comprising a token. Anyway, I appreciate the fact that Twitter has a mechanism to stop the DMs when it sees a pattern or the account exceeds a daily DM limit.

I am also thankful to be warned by a few of my friends as well. I managed to get to a computer and change my Twitter password quickly. Luckily I use different passwords, so I won't have to change passwords at other places. It seems like this scam has been around for some time. Here is a post from July 2011. I reported the link to the US Computer Emergency Readiness Team phishing page.

Lesson learned that you can never be too careful and I hope this helps you be cautious as well.
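
The address-bar check described above, written out as an added example that is not part of the original post: a Python function that accepts a sign-in URL only when it matches the endpoint quoted in the post. The function name and the sample URLs on `login.example` are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Endpoint quoted in the post as the genuine Twitter sign-in URL.
EXPECTED_SCHEME = "https"
EXPECTED_HOST = "api.twitter.com"
EXPECTED_PATH = "/oauth/authenticate"


def check_twitter_auth_url(url):
    """Return (ok, reason) for a URL that claims to be the Twitter OAuth page."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() != EXPECTED_SCHEME:
        return False, "not https"
    # "https://api.twitter.com@other.host/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before @ hides the real host"
    host = parts.hostname or ""  # already lower-cased by urlsplit
    # Exact match only: "api.twitter.com.login.example" must not pass.
    if host != EXPECTED_HOST:
        return False, "host is %r, not %r" % (host, EXPECTED_HOST)
    if port not in (None, 443):
        return False, "unexpected port"
    if parts.path != EXPECTED_PATH:
        return False, "unexpected path"
    if not parse_qs(parts.query).get("oauth_token", [""])[0]:
        return False, "missing oauth_token"
    return True, "matches the expected endpoint"


# Constructed sample inputs; the stalktrak URL is the one quoted in the post.
SAMPLES = [
    "https://api.twitter.com/oauth/authenticate?oauth_token=EXAMPLETOKEN",
    "http://hri.stalktrak.com/authorize_app_1/function.api.stalktrak.html",
    "https://api.twitter.com.login.example/oauth/authenticate?oauth_token=x",
    "https://api.twitter.com@login.example/oauth/authenticate?oauth_token=x",
    "https://api.twitter.com/oauth/authenticate",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_twitter_auth_url(sample)
        print("OK  " if ok else "FAIL", sample, "->", reason)
```
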
