Spammers play dirty - hijack Twitter accounts once again


Spammers are up to their dirty tricks once again on Twitter, using compromised accounts to send direct messages to unsuspecting users of the micro-blogging network.

A number of Twitter users are reporting receiving private direct messages (known as "DMs" in Twitter-parlance) from friends and acquaintances on the Twitter system. Example messages include the following:

lol it's amazing. look and feel great with [link removed]

whoa this works. i feel good and look good. [link removed]

Clicking on the links takes you to a website offering a colon cleansing solution, which apparently can help you shed pounds:

[Screenshot: Clean Colon webpage]

If you scroll down the webpage you are offered testimonials and promotional videos, promoting the wonders of having your colon cleansed by the company's miracle product.

[Screenshot: Clean Colon webpage asking for personal information]

It's possible that the spammers are affiliates of the website, skimming money off the top - the more people they get to visit the site and enter their personal information, the more commission they will earn.

But you should still be thinking twice about offering your name, address, telephone number, email contact and credit card details to these guys, however much you want to lose weight by cleaning out your colon.

But because these messages are sent to you via Twitter from a friend's account you may well be more open to trying out the product, or at least clicking on the link. It's a confidence trick, of course, and one which the spammers love to exploit.

So, what should you do if you find your Twitter account has been sending out messages like this?

1. Change your Twitter password - immediately. If messages are being sent from your account it means hackers can also access your details and read your past messages (including private ones). Oh, and make sure you choose a sensible non-dictionary password that's hard to guess.

2. Do you use your Twitter password on any other websites? Tut tut. Some 33% of people use the same password on every website they access. That means if hackers work out your password on one site, they can use it to open other website accounts you own too (think of your Hotmail, Gmail, PayPal accounts, etc).

3. Scan your computer with anti-virus software just in case you have malware on it. It's possible keylogging spyware grabbed your password as you typed it in.

4. Never ever enter your Twitter password on any third-party websites. They could either be run by bad guys or simply not be properly secured. Either way, why risk giving them your Twitter password? Third-party websites that work alongside Twitter and take security seriously won't need your password; they'll use OAuth instead. Learn about Twitter and OAuth here.

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.