Sophos Cloud Optix
Spammers are up to their dirty tricks once again on Twitter, using compromised accounts to send direct messages to unsuspecting users of the micro-blogging network.
A number of Twitter users are reporting receiving private direct messages (known as “DMs” in Twitter-parlance) from friends and acquaintances on the Twitter system. Example messages include the following:
lol it's amazing. look and feel great with [link removed]
whoa this works. i feel good and look good. [link removed]
Clicking on the links take you to a website offering a colon cleansing solution, which apparently can help you shed pounds:
If you scroll down the webpage you are offered testimonials and promotional videos, promoting the wonders of having your colon cleansed by the company’s miracle product.
It’s possible that the spammers are affiliates of the website, skimming money off the top – the more people they get to visit the site and enter their personal information, the more commission they will earn.
But you should still be thinking twice about offering your name, address, telephone number, email contact and credit card details to these guys, however much you want to lose weight by cleaning out your colon.
But because these messages are sent to you via Twitter from a friend’s account you may well be more open to trying out the product, or at least clicking on the link. It’s a confidence trick, of course, and one which the spammers love to exploit.
So, what should you do if you find your Twitter account has been sending out messages like this?
1. Change your Twitter password – immediately. If messages are being sent from your account it means hackers can also access your details and read your past messages (including private ones). Oh, and make sure you choose a sensible non-dictionary password that’s hard to guess.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Simple tips for better web password security from SophosLabs on Vimeo.
2. Do you use your Twitter password on any other websites? Tut tut. Some 33% of people use the same password on every website they access. That means if hackers work out your password on one site, they can use it to open other website account you own too (think of your Hotmail, Gmail, PayPal accounts, etc)
3. Scan your computer with anti-virus software just in case you have malware on it. It’s possible keylogging spyware grabbed your password as you typed it in.
4. Never ever enter your Twitter password on any third-party websites. They could either be run by bad guys or, simply, be not properly secured. Either way, why risk giving them your Twitter password? Third party websites that work alongside Twitter and take security seriously won’t need your password, they’ll use OAuth instead. Learn about Twitter and OAuth here.