Do Twitter Phishing Scams Herald the End of Microblogs?
Posted by CmdrTaco on Mon Jan 05, 2009 11:36 AM, from the sure-why-not dept.
An anonymous reader writes "Twitter's been hit by a big phishing scam. Culture Crash blogger Dan Tynan says this is the end of Twitter's innocence. Will tweets become like email, with two out of every three just worthless spam?"
Innocence? (Score:5, Funny)
this is the end of Twitter's innocence.
Isn't this the internet? What's innocent?
Re:Innocence? (Score:4, Funny)
For a truly internet-friendly explanation:
Innocence is like loli before your ingame avatar gets his hands on her.
*a loud "oooooooh, i get it!" runs through the audience*
There you go! :)
Parent
Re:Innocence? (Score:5, Funny)
Then I have just one tip for you:
Run. Don't turn back, run! RUN!
Parent
Re:Innocence? (Score:5, Insightful)
Parent
Re:Innocence? (Score:4, Informative)
"The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents. We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far. The sciences, each straining in its own direction, have hitherto harmed us little; but some day the piecing together of dissociated knowledge will open up such terrifying vistas of reality, and of our frightful position therein, that we shall either go mad from the revelation or flee from the light into the peace and safety of a new dark age."
-H. P. Lovecraft
Credit where credit is due.
Parent
Not news. (Score:5, Insightful)
Parent
Re: (Score:3, Informative)
Reported Web Forgery!
This web site at twitter.access-logins.com has been reported as a web forgery and has been blocked based on your security preferences.
Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.
Entering any information on this web page may result in identity theft or other fraud.
Seems like Firefox already has this under control
Re:Innocence? (Score:4, Funny)
Parent
Re:Innocence? (Score:4, Funny)
Parent
No, end of services (Score:5, Insightful)
If Twitter is smart, it will end its auth api or modify it so that folks have to go to twitter to authorize an application. This is the way that Facebook, Yahoo, and OpenID do it, as well.
Re:No, end of services (Score:5, Interesting)
Domain phishing like the access-urls thing in the article picture could be best fixed by ssl logins...
Parent
Re: (Score:3, Interesting)
They really should implement SSL logins soon. It appears as though Barack Obama's Twitter account was recently somehow affected by this: http://flickr.com/photos/cparker15/3171416978/ [flickr.com]
While I know this doesn't really mean a whole lot to many on Slashdot, I'm sure @BarackObama [twitter.com] has a lot of followers that could have been duped by this.
Re:No, end of services (Score:5, Insightful)
How? If the user is willing to give their password to http://twitter.access-logins.com/login/, why wouldn't they give their password to https://twitter.access-logins.com/login/?
SSL logins are a good idea, but I do not see how they address phishing. I guess an EV might have some effect because users might be trained to expect to see "Twitter, Inc." in the URL bar... but if they are not even looking to see if they are on twitter.com when entering their password, I doubt it.
The real problem is sending passwords in plaintext (or encrypted plaintext like SSL, which doesn't help if you have an encrypted connection straight to the phishers) as opposed to some form of challenge response, but that is a hard one to fix since they are so prevalent and the framework to replace them does not really exist.
Parent
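The challenge-response idea raised in the comment above, as an added sketch that is not part of the thread or of Twitter's code: the server sends a one-time nonce and the client returns an HMAC over it, so no reusable password crosses the wire. Binding the response to the host in the address bar is an assumption added here (the comment does not specify it), as are the `Server` class, the user name and the sample password.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password; only this derived key is used in the exchange."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def client_response(password: str, salt: bytes, nonce: bytes, page_url: str) -> bytes:
    """Client side: answer the challenge, bound to the host actually being visited."""
    host = urlsplit(page_url).hostname.encode()  # the scheme (http/https) plays no part
    key = derive_key(password, salt)
    return hmac.new(key, nonce + b"|" + host, hashlib.sha256).digest()


class Server:
    """Hypothetical login server for one host (assumption, not a real API)."""

    def __init__(self, host: str):
        self.host = host
        self.users = {}    # user -> (salt, derived key); note the key is password-equivalent
        self.pending = {}  # user -> outstanding single-use nonce

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, derive_key(password, salt))

    def challenge(self, user: str):
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return self.users[user][0], nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # consume it: each nonce is valid once
        if nonce is None or user not in self.users:
            return False
        key = self.users[user][1]
        expected = hmac.new(key, nonce + b"|" + self.host.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample value
    server = Server("twitter.com")
    server.register("alice", password)
    results = {}

    # Login typed into the real site: accepted.
    salt, nonce = server.challenge("alice")
    good = client_response(password, salt, nonce, "https://twitter.com/login")
    results["real_site"] = server.verify("alice", good)

    # The same response presented a second time: the nonce is already spent.
    results["replay"] = server.verify("alice", good)

    # Response computed while the address bar shows the look-alike host from the
    # thread, over http or https: it is bound to the wrong host, so twitter.com rejects it.
    for scheme in ("http", "https"):
        salt, nonce = server.challenge("alice")
        resp = client_response(password, salt, nonce,
                               f"{scheme}://twitter.access-logins.com/login/")
        results[f"lookalike_{scheme}"] = server.verify("alice", resp)
    return results


if __name__ == "__main__":
    print(demo())
```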
Re: (Score:3, Insightful)
And what does that have to do with this scam?
I assume you mean it's because they use the API to send the messages, but they could easily have just scraped the website to send them anyhow. The only way to prevent twitter-spam (and any other service) is to only allow messages from friends. Since that is really, really restrictive, you won't get many services to do that.
It's not that I don't agree that they should require authorization for apps on twitter, it's that it has nothing to do with this story.
Re:No, end of services (Score:5, Funny)
If my toilet can't twitter then I'll stop using it.
Um. . . do you mean Twitter or the toilet?
Parent
Re:No, end of services (Score:5, Funny)
If my toilet can't twitter then I'll stop using it.
Um. . . do you mean Twitter or the toilet?
Whichever. They're both full of shit.
Parent
Let's hope so (Score:5, Insightful)
Terms like "twitterverse" and "microblog" are heralding the end of the sane Internet, so let's hope they get consumed by the vermin of the Internet.
Re:Let's hope so (Score:5, Funny)
Somehow my mind refuses to acknowledge that "w" in "Twitterverse".
And thus my imagination brewed a beautiful image...
Parent
Re:Let's hope so (Score:4, Insightful)
The sane internet died a decade ago. We're in the death throes of the internet-of-the-corporate-hack. Likely our next stop will be the reincarnation of an AOL-like atmosphere where a central application or website insulates you from the internet, and provides you with a limited array of things to do.
Parent
Re:Let's hope so (Score:5, Insightful)
The sane internet died a decade ago. We're in the death throes of the internet-of-the-corporate-hack. Likely our next stop will be the reincarnation of an AOL-like atmosphere where a central application or website insulates you from the internet, and provides you with a limited array of things to do.
Ironically, it was the connection of AOL to the internet that marked the end of sanity in my book.
Parent
Re:Let's hope so (Score:5, Funny)
Me too! (c)AOL, 1996
Parent
Re:Let's hope so (Score:5, Interesting)
Holy cow, you've hit on the solution! This is exactly what's needed! Needed not by us, of course, but by normals. Consider the possibilities. As you well know, over 90% of the people who own computers are not qualified to use anything more complex than a simple calculator. Computers are very complex tools. What are normals using these tools for? Well, to write email, maybe do their online banking, post stupid pictures of their kids on some website and...what else do normals use computers for? Not counting apps like Free Cell that don't require an internet connection, I mean. The rest of the CPU cycles of these computers are used to transmit spam and various malware—they are the soldiers of the botnets.
Then there's the maintenance & support headaches. Who here doesn't have a gaggle of clueless relatives and friends who bombard them with stupid questions and pleas for help with their malware-clogged, zombified computers? And then blame you the next time something goes wrong?
Well, the solution is now within our reach: put every one of these people on dumb terminals connected to a service like AOL that gives them very limited options so they're not confused. They just plug it in, turn it on, and the user menu—complete with cute tail-wagging puppy—comes up. Give them access to word processing or spreadsheet apps on a pay-as-you-go basis. (No installation hassles!) Sure, their data is now 0wnz0red by some corporate empire, but normals don't care about this kind of stuff.
Better yet, all maintenance problems now become the service provider's problem. You can honestly say "Gee, I can't help you with that, but if you call MyIntarnet's tech support, I'm sure they'll fix it". Best of all, without an on-board hard drive, there's no problem with virus/trojan/worm propagation. Spam will finally die...well diminish, anyhow.
Of course that's for them; people who know better would still use real computers. It would be even better if they could have their own internet sorta like AOL was in the early days...but that's probably not practical.
Parent
That would imply that non spam tweets were useful (Score:5, Insightful)
Thus far Twitter seems like a totally useless idea to me. No, you are not so important that everyone cares what you are doing when you are going shopping.
Re:That would imply that non spam tweets were usef (Score:5, Insightful)
Agreed. Much like the "blogosphere," twitter is the kind of thing that is OMFG WORLD CHANGING.... but only to its users.
It's great that the service is there and all, but like facebook, myspace, et al, I really wish people would stop blithering about how INSANELY GREAT it is.
A web gui for the equivalent of an IRC or AIM /away message is about as world-changing as a gui for a MUD. Sure, at least one [worldofwarcraft.com] is successful... but I don't do MUDs or MMOs, so how has it changed my life, aside from a few of my friends disappearing for months whenever a new expansion is released?
That said, a pointless-to-me-anyway service that people I otherwise respect can't shut up about is being crapflooded? Awesome!
Parent
Re:That would imply that non spam tweets were usef (Score:5, Insightful)
I'm kind of with you on this one. I remember back in the day, if you spent more than an hour on the phone people thought there was something wrong with you. Back then I thought they were right. If some galactic disaster wiped out electronics on Earth, there would be a lot of people who suddenly lose it because they have nobody to blab to. Twitter gives them this outlet even when they are surrounded by people that really don't want to hear their crap. It's really no different than thinking out loud or talking to walls; an umbilical cord to keep them from having to be alone. They talk about how great it is because they are addicted and cannot function without someone listening to them blabber on about nothing all day. As long as they are talking, they feel somehow important. - Yes, I get the irony
Parent
Re:That would imply that non spam tweets were usef (Score:5, Funny)
Parent
Re:That would imply that non spam tweets were usef (Score:5, Funny)
Parent
Re:That would imply that non spam tweets were usef (Score:4, Interesting)
Then you haven't used it to track EVENTS (that affect more than one person) of personal importance to you: the first snippets of information to come out of Mumbai were via Twitter. Last night I used it to track snowfall (and traffic conditions) in Vancouver, BC. Coupled with instant upload of phone cam pictures, it was an amazingly realtime view of my personal geographic area.
Parent
Re: (Score:3, Interesting)
Re:That would imply that non spam tweets were usef (Score:5, Insightful)
I suppose if you don't have any friends that like to keep up with what's going on in your life and vice versa.
That's what conversations are for. You know, real physical human interaction. Remember that?
Parent
Re: (Score:3, Interesting)
I suppose if you don't have any friends that like to keep up with what's going on in your life and vice versa.
That's what conversations are for. You know, real physical human interaction. Remember that?
Just so I have this straight, phone conversations are real physical human interactions? Are text messages? And how is reading another's twitter feed, and responding to it, different than a phone conversation? Twitter isn't meant to replace physical meetings or hanging out with friends, it's for seeing what people are up to without having to directly interfere with what they're currently doing. At least until we master the whole being everywhere at once thing. Then Twitter will become outdated.
Re: (Score:3, Interesting)
No, I was saying that face to face interaction is the best way to keep up with what's going on in your friends' lives. It makes great conversation over dinner. What's the point of asking your buddy how the kids are if you receive updates over twitter every time little Tommy burps?
Re:That would imply that non spam tweets were usef (Score:5, Funny)
Parent
Re:That would imply that non spam tweets were usef (Score:5, Funny)
Parent
Re:That would imply that non spam tweets were usef (Score:4, Interesting)
That's what ICQ (or more recently Jabber/XMPP) is for! You can send one-to-many messages there too.
Maybe Twitter is the webmailer of the messenger systems. Just as stupid. Also a step in the wrong direction.
I bet this will all continue, as soon as someone writes an OS in "AJAX / Web 2.0", then a "Browser". Then "web"sites for it.... until someone comes up with an "interactive" way of writing "applications" for those "sites".
It's called "the inner platform anti-pattern". Avoid it! ;)
Parent
Re: (Score:3, Funny)
Cause that is just sad.
This is why (Score:3, Funny)
we can never have nice things!
Please say yes (Score:5, Funny)
"Do Twitter Phishing Scams Herald the End of Microblogs?"
*Crosses fingers*
A man can dream...
Irc...Usenet...now Twitter (Score:3, Interesting)
In the case of Twitter, trust lists and a trust rating system would solve all the issues within a few weeks.
Also, wouldn't the phish have triggered most new browsers' anti-phish code? Twitter could probably expand its use of SSL, that would take care of several problems as well.
Large User Base and an Open Pipe (Score:5, Interesting)
Networks are huge blocks of users often with similar, or easily determined interests making the marketing more effective and development to exploit their native openness or a security flaw more profitable than spamming huge blocks of @yahoo.com addresses via e-mail only as many have good spam filters, are spam-only accounts or have gone fallow when XX69sExYbUnNiE69XXHOLLA realizes that might not be the best addy for her college admission papers or her resume.
IANAL but it would be interesting to see if using a social network as a proxy would give one any shielding from CAN-SPAM or other state statutes since there is no protection on social networking sites, and users did opt-in to receive emails from the social network site.
the nature of communication (Score:5, Insightful)
Every method of human communication brings with it the reasons we communicate. Spam, reduced to its essential quality, is broadcasting greed. And that emotion has been around since the dawn of civilization. Every "new" communications medium will have it, and in western civilization with its emphasis on individuality, materialism, and consumerism, it will be all the more prominent. So is it really news that another medium (in this case, twitter) has started to reflect this? Not really.
Concurrently, we've been evolving ways of blocking out this trash -- ad filtering, blocking software, downloading our TV episodes online, etc. There is a real grassroots effort underway to fight back against advertising and an emphasis on "real" communication -- that is, honest opinions by people we trust. In this disconnected world, networks of trust have become more important than ever as a way of not drowning in the sea of greed, self-indulgence, and attention-grabbing behavior. I know people that use gmail for one reason alone: The spam filtering is just that damn good. I have seen people breathe a sigh of relief and leap to hug me after setting up firefox with ad blocking software -- they are genuinely happy.
The real story here isn't twitter turning to a sea of suck, it's that our culture is changing on a fundamental level. And it is doing this without any real organization, without any center. It doesn't seem necessary for a person to be part of a certain subculture or have exposure to a certain trigger to start it; It's a stand alone complex. That is, for those who haven't seen Ghost in the Shell, a phenomenon where unrelated, yet very similar actions of individuals create a seemingly concerted effort.
We're going to see more of this in the years to come.
no (Score:5, Funny)
Dumbest Phishers ever? (Score:3, Interesting)
I don't get this scam at all. They use email disguised as a Twitter DM to drive people to a phishing site to steal Twitter logins, so they can do what exactly? The article says they can then use Twitter to send messages to drive people to websites. Umm, aren't they already doing that with the email?
Twitter is a free service and holds no personal info that doesn't appear on your public profile, other than an email address. People routinely hand over their Twitter logins to third party sites so they can find out their twitter rankings and other such things.
I can understand phishing for bank and paypal logins, but this seems like a lot of effort to achieve very little.
Twitter spam easy to stop (Score:5, Informative)
Many people who are replying don't seem to use Twitter or even understand really what is going on with the phishing. Since I use Twitter, I'll explain:
With Twitter, you set up lists of people that you follow. When you follow someone, you can then see their Twitter messages on your main screen (or in your client application if you use one). Everyone else following that person can see the person's messages. People you follow can also send you Direct Messages. These messages aren't seen by anyone but the sender and recipient. In this respect, it is sort of like e-mail only it requires a "trusted relationship" to have been formed first i.e. No spamming from joe_random@somesite.com to everyone_else@somewhere-else.org.
What the Phishers are doing is sending DMs from compromised accounts telling the recipients about some blog post that they should check out. The recipients (assuming they fall for the phish), see a page that looks like the Twitter login page (but is really on access-logins.com). They enter their username and password and now the Phishers have another account to send DMs from. Rinse and repeat. I strongly suspect that there's a Phase Two in there that involves more than just collecting Twitter account information but so far they are just collecting accounts.
Stopping it is easy. If you change your password, they no longer have access. People have been outing people who "sent" them DMs (and thus were compromised). If a person doesn't fix their situation, you could unfollow them. This would mean they could no longer send you Direct Messages. As people stop following compromised people, they will either fix the problem or will dwindle to zero followers. Spam stopped. (If only e-mail spam were so easy to stop.)
And to address the "Twitter is useless" commentary, yes there are a lot of people on Twitter who post inane things. Then again, there are some good posters. (For example, I follow Greg Grunberg from Heroes and love reading his tweets.) I think you'll find that in any online medium. Blogs are like this, web sites are like this, even comments on Slashdot are like this. Choose a random Slashdot article and browse at -1. You're sure to find many worthless comments for every worthwhile comment. As for Twitter, I tend not to follow the inane Twitter posters, so I don't see those posts in my Twitter-feed. Like any online tool, Twitter is only what you make of it.
I don't understand the premise... (Score:5, Insightful)
You can no longer innocently follow a link because some quasi-stranger tweeted it to you without being wary
Let me fix that for you:
You can't innocently follow a link because some quasi-stranger tweeted it to you without being wary
Why would you, or anyone, have ever assumed otherwise?
Why worry about social networking /imposters/? (Score:3, Interesting)
Why worry about those claiming to be an existing well-known social networking site? It's already common practice for these places to, no impostering involved, ask for login details of completely unrelated sites when you sign up. That should _NOT_ be considered in any way okay, even from a site you "trust".
And then there's OpenID or whatever it's called, which basically says "make it not just disturbingly common, but recommended!" wtf?
Follow the Money (Score:3, Insightful)
Re:Follow the Money (Score:4, Insightful)
...at which point random malicious Internet users would have an ideal instant-revenge plan for whichever company they don't like very much today. You don't want me to post that response form, do you? You know:
Your method specifically fails to take into consideration:
[x] Douchebags
[x] Assholes
[x] Wastes of oxygen
Parent
Re:Let me rephrase that question... (Score:5, Funny)
You are implying one in three has value. I beg to differ.
xstonedogx is reading slashdot.
xstonedogx is scratching his crotch.
xstonedogx alsj;dfl;kj;
xstonedogx Sorry everybody, that was my cat.
xstonedogx is reading slashdot.
xstonedogx got up to get a Mountain Dew and some Cheetos.
xstonedogx is reading slashdot.
xstonedogx discovered the Higgs Boson.
xstonedogx False alarm.
xstonedogx HANNAH MONTANA RULES.
xstonedogx is punching his sister.
xstonedogx is cleverer than you.
xstonedogx is cleverer a word? is it more clever?
Parent
Re:Let me rephrase that question... (Score:5, Funny)
Parent