PHISHING SOCIAL MEDIA
TWITTER ACCOUNTS HACKED
Since writing this post – at least some of my predictions below have come true. Obama, Britney and Fox News “Bill O’Reilly” Twitter accounts were targets of hackers.
I’m on Twitter and some jerk or jerks set up a phishing scheme whereby they annoyingly trick people into logging in to a fake log-in page that looks like Twitter. I won’t give the URL because they don’t deserve to be given any fame. I will say this about phishing, though, and how it can be most devastating, even though everyone says they don’t keep any important information on Twitter.
Here’s how a more clever phisher, running a concerted, well-planned and well-executed scheme, would take advantage of Twitter (clever until they get caught; none of them expect to get caught, though – you log in from an IP address).
Plan: Join Twitter and check out everyone’s little profile to find who seems to have the most money or who is a CEO of a fairly large company, for instance. Next, take this info and check the public records to find out more. Voter registration will hand over the home address (is it in a nice neighborhood, etc.?), telephone number, etc. of anyone registered to vote to any citizen (because any citizen has the right to run for office, and has access to any of these records, and you don’t have to show them any ID – at least I didn’t when I tried it in Manhattan several years ago). Now, once the information is gathered, the phisher may keep his or her quiet “listening” account and create the actual phishing account, deploying the phony Twitter login page and collecting a bunch of passwords. At that point the Twitter account is the last thing that’s of concern to the phisher. He or she may have just gotten your “favorite” and only password and can now log in to every account you have, including your online banking records.
The phisher normally keeps going to create confusion and to obfuscate who the actual targets may have been. If 1,000 people all report no problem outside of the Twitter page password hack and suffer no other harmful effects, the actual targets may not be overly concerned, thinking it’s just an amateur prank.
Meanwhile, overnight his or her bank account has been plundered, and the money has been transferred three times through different accounts and is now somewhere nobody will ever be able to find it. (See the Time article “Enemies at the Firewall.”)
Though it’s unlikely that a foreign government would be officially involved in a Twitter hack (after all, it’s not like President-elect Obama has a Twitter account or something, right? And it’s not like hackers ever tried to get Sarah Palin’s password either, right?), with so many billions of people in the world, there are possibly more hackers in the world than there are citizens in the U.S. Any number of plans could already exist, and Twitter (the quick little real-time social network) is the perfect place to test theories and gather reactions in record time. Unlike Facebook and other groups, everyone can see everyone on Twitter if they want.
So, like the shortened medical testing period using the life cycle of a mouse as opposed to a human being, multi-generational results can be studied relatively quickly using Twitter as the guinea pig (or was that mouse?).
The day after I wrote this post, Read Write Web wrote “Twitter Security Collapses; Obama, Fox & Britney Accounts Hacked,” so there’s something to my hypothesis.
In the end it really all comes down to this: Don’t use your dog Maggie as your password. Not even once. And don’t use the same password, no matter how good you think it is, for all your accounts.