My apologies to the folks who got a DM from my Twitter account for about an hour this afternoon.
Here is how I think this happened. I have a strict password policy for myself and change it frequently. I test new tools regularly and make sure if the new tool asks for a Twitter login it is through the Twitter API and not asking me to login with username and password.
Today I got a DM with this text "I saw that you viewed my profiler earlier :D want to know how i found out? http://bit.ly/XXXXX" ( Purposely added Xs so that link is not clicked by mistake.
I ignored it as it seems sneaky anyway for a few hours. I went back to this tweet a few hours later and curious if this was a feature to check out like Linkedin's "Who viewed your profile". I am not sure if I was on a mobile device or my personal laptop so I did not notice that the link actually goes to a phishing page.
If you want to see the phishing page the link is http://hri.stalktrak.com/authorize_app_1/function.api.stalktrak.html( Please be careful if you click this page) . The correct URl to look for when using a Twitter auth is "https://api.twitter.com/oauth/authenticate?oauth_token=" followed by a string of characters comprising of a token. Anyway I appreciate the fact that Twitter has a mechanism to stop the DMs when it sees a pattern or the account exceeds a daily DM limit.
I am also thankful to be warned by a few of my friends as well. I managed to get to a computer and change my Twitter password quickly . Luckily I use different passwords so I won't have to change passwords at other places.
It seems like this scam has been around for some time. Here is a post from July 2011.
I reported the link to the US Computer Emergency Reradiness Team phishing page.
Lesson learned that you can never be too careful and I hope this helps you be cautious as well.
I love connections and want to bring value to people. Washington DC Small Business, Social Media, Technology, Communications, Marketing and Conversations with Shashi Bellamkonda Vice President Marketing at Leap | Marketing Leader Driving Business Growth & Customer Exp | Startup & SMB Advisor
Sunday, August 26, 2012
Abundant Caution Is Never Enough : Beware of StalkTrak
Subscribe to: Post Comments (Atom)
How to leverage Google’s AI Vision service for your computer vision needs
Google Cloud AI Vision is a new service that allows you to easily build and deploy computer vision applications on the cloud. With Google Cl...
More than a decade ago I arrived at a new job at Network Solutions that involved talking to customers and reported to a wonderful supe...
What an odd Norwegian show & quiet eating teaches us about consumers?
Post a Comment