My apologies to the folks who got a DM from my Twitter account for about an hour this afternoon.
Here is how I think this happened. I have a strict password policy for myself and change it frequently. I test new tools regularly and make sure if the new tool asks for a Twitter login it is through the Twitter API and not asking me to login with username and password.
Today I got a DM with this text "I saw that you viewed my profiler earlier :D want to know how i found out? http://bit.ly/XXXXX" ( Purposely added Xs so that link is not clicked by mistake.
I ignored it as it seems sneaky anyway for a few hours. I went back to this tweet a few hours later and curious if this was a feature to check out like Linkedin's "Who viewed your profile". I am not sure if I was on a mobile device or my personal laptop so I did not notice that the link actually goes to a phishing page.
It is always good practice to watch the address bar on your browser to make sure you are entering the link in a legitimate website and that was the simple precaution that I did not take this time. I signed in on this page thinking it was a Twitter login. ( Kicking myself now)
If you want to see the phishing page the link is http://hri.stalktrak.com/authorize_app_1/function.api.stalktrak.html( Please be careful if you click this page) . The correct URl to look for when using a Twitter auth is "https://api.twitter.com/oauth/authenticate?oauth_token=" followed by a string of characters comprising of a token. Anyway I appreciate the fact that Twitter has a mechanism to stop the DMs when it sees a pattern or the account exceeds a daily DM limit.
I am also thankful to be warned by a few of my friends as well. I managed to get to a computer and change my Twitter password quickly . Luckily I use different passwords so I won't have to change passwords at other places.
It seems like this scam has been around for some time. Here is a post from July 2011.
I reported the link to the US Computer Emergency Reradiness Team phishing page.
Lesson learned that you can never be too careful and I hope this helps you be cautious as well.
I love connections and want to bring value to people. Washington DC Small Business, Social Media, Technology, Communications, Marketing and Conversations with Shashi Bellamkonda Vice President Marketing at Leap | Marketing Leader Driving Business Growth & Customer Exp | Startup & SMB Advisor
Subscribe to:
Post Comments (Atom)
AI generated summary of 60 minutes AI edition
In a 60 Minutes interview that aired on April 17, 2023, Google CEO Sundar Pichai warned that artificial intelligence (AI) is advancing rapid...
-
What an odd Norwegian show & quiet eating teaches us about consumers?
-
I have used EventBrite (ref) about half a dozen times to organize events.IT fils the need and has some good reports. I got an email today ...
No comments:
Post a Comment