07th Jul 2009
How to Stay Safe from the Increased Phishing in Social Media & Email
According to Fortinet’s latest report the month of June, 2009 had the “highest rate of phishing attacks to date” on the Web. The rise in attacks is expected to continue in emails and through links on Social Media sites.
In the last 24 hours I have clicked through links on Twitter that have taken me to phishing sites. Two of these links were in my Direct Messages (DM) from a new follower who seemed trustworthy due to his previous tweets and activity.
During the past two weeks I had received messages to other phishing sites via emails on Facebook.
Spam in my regular email increased dramatically last month, including phishing attempts. Currently there is a spam message going around on Gmail that appears to be from Google, which takes one to a site that looks like Google but is a fake, as the URL shows.
Phishers pose a problem for everyone on the Internet.
Phishers count on us to make the huge mistake of trusting others, who we believe to be our friends or trusted sites. Phishers are always wolves in sheep’s clothing.
While some malicious people may use similar tactics to phishers, this article focuses on phishers who want your ID and Password information. If used correctly by phishers that information can help them steal money from you or your friends.
STEP 1 to Stay Safe
Use different user names and passwords for all of your online banking accounts. Although you may wish to use the same or similar user-names for Social media and web accounts so your friends can recognize you, always use different passwords. For instance I have a different password for Twitter, Facebook, MySpace, Digg, etc. I keep all of these passwords in a small notebook near my PC.
Phishers count on people being lazy, ignorant or plain stupid. Using the same passwords and user names for more than one account means that if a phisher has access to one account they can easily sign into others.
It may seem like a hassle to have so many passwords, and it is—but it is less than the hassle people have gone through from having their social media accounts suspended or lost due to phishers. Worse than that is having one’s financial accounts used by phishers and the financial and credit problems and major hassles that can follow that!
STEP 2 to Stay Safe
If your browser asks if you want it to remember the passwords always say NO!
Phisher worms and hackers have been known to harvest that saved information. Using Mozilla Firefox, or TweetDeck on Twitter, seems to help prevent worm access best, but why risk sharing your important info?
STEP 3 to Stay Safe:
Make a habit of being alert. When a link takes you to a sign in page to a familiar site ALWAYS look at the URL to make sure that the site is legitimate and not a phishing clone. For instance, in the last 24 hours I followed two different links from a Twitter follower I thought was OK. One went to Facebook—only according to the URL above in my browser it was not Facebook. It did not begin http://www.facebook.com , which is how all true Facebook URLs begin. The other link took me to a site that looked like YouTube, but again the URL was wrong and did not begin http://www.youtube.com.
Many microbloggers, myself included, use shortened URLs. However, using one means one cannot see where the link goes. If a shortened URL link takes you to a Social media site or app, but the real URL of the site does not show in your browser, such as http://facebook.com – do not enter any of your information. Instead open another tab in your browser. Sign into the real Facebook. Then go back to the Tweet or original place where you followed the link and follow it again. Since you have signed into Facebook the link will automatically open. If it does not open, something is wrong and the link could have led you to a phishing site. The trick of signing into a social media site and then reusing the link works for most social media sites. It recently saved me from a phisher.
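The address-bar check from Step 3, written out as code (an added example, not part of the original post). It compares the parsed host name rather than the start of the link text, because a link can begin with http://www.facebook.com and still belong to another site; the trusted-site list and the sample links are constructed for illustration.

```javascript
// Added example: decide whether a link really belongs to the site it claims to be.
// TRUSTED_SITES and the sample links are constructed for illustration.
const TRUSTED_SITES = ["facebook.com", "youtube.com", "twitter.com"];

// Returns { trusted, host, reason } for a link as it appears in the address bar.
function checkSignInUrl(link) {
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return { trusted: false, host: null, reason: "not a valid URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { trusted: false, host: null, reason: "not a web address" };
  }
  // The URL parser lowercases the host and converts non-ASCII names to "xn--" form.
  const host = url.hostname.replace(/\.$/, "");
  if (url.username || url.password) {
    return { trusted: false, host, reason: "text before '@' is not the site name" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, host, reason: "internationalized look-alike name" };
  }
  // Trusted only if the host IS the site or a subdomain of it (ends with ".site").
  const site = TRUSTED_SITES.find((s) => host === s || host.endsWith("." + s));
  return site
    ? { trusted: true, host, reason: "host belongs to " + site }
    : { trusted: false, host, reason: "host is not a trusted site" };
}

// Constructed sample links: one genuine, three look-alikes, one genuine.
const SAMPLE_LINKS = [
  "http://www.facebook.com/login.php",
  "http://www.facebook.com.login.example/login.php",
  "http://www.facebook.com@login.example/",
  "http://faceb00k.example/login.php",
  "http://www.youtube.com/watch?v=abc",
];
for (const link of SAMPLE_LINKS) {
  const r = checkSignInUrl(link);
  console.log((r.trusted ? "OK      " : "SUSPECT ") + link + "  [" + r.reason + "]");
}
```

The second and third sample links both start with the genuine Facebook address as text, yet the host that the browser actually contacts is login.example.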
STEP 4 to Stay Safe:
Trust no one – not even your closest friends and family on the internet when you follow a link to a site that asks for any username or password.
My best friend in the world builds PCs, web sites, programs and taught me a lot about passwords and Internet security. We were friends for many years before we joined MySpace, Twitter and Facebook. However, if Rebecca sent me a Tweet or Facebook email with a link that asked for one of my social media passwords I would check the URL in my browser.
I trust my friend implicitly, but we both know that a new worm can get past even all of her formidable and newest defenses on her PC, and hackers have previously snuck past Social media coders, who do a valiant job.
Phishers count on us not to check our trusted friends, sources and sites. Phishers have gained access to people’s email accounts, Twitter accounts, Facebook accounts and other IDs and fooled unsuspecting and trusting friends. Remember, phishers are wolves in sheep’s clothing. The best sheep to masquerade as are the people you best trust! Always check the URL no matter who sent you the link.
STEP 5 to Stay Safe:
Follow and be friends with the people on social media who will warn and help you during a problem.
Once a phisher gains access to another member’s account the phishing can spread like wildfire, as respectable accounts are compromised. Each time there has been a phishing problem on a Social Media site, individual members who discovered the problem sounded the alarm, which was then picked up and made known by other members.
Twitter is the best site for breaking and updating news on any phishing – or actually any attack – on any of the Social Media sites, as updates happen quickly in real time and you can follow them all via hashtags (#), whether you actually follow or are friends with the member(s) posting the messages or not. In other words, if there is a phishing attack on Facebook, open a tab and go to Twitter, which may not be experiencing the attack but will have the latest breaking news and helpful info you can follow on Facebook, thanks to Twitter members, not actually Twitter staff.
Enter the terms #phishing or #phishers in Twitter Search to quickly access any news.
You also want to be following members who will help when there are problems. Chances are these members will be messaging on their Facebook walls and tweeting about an attack before it becomes a Trending Topic.
Follow me, @judyrey on Twitter ( http://www.twitter.com/judyrey ) and be my Facebook friend, where I am Judy Rey Wasserman ( http://www.facebook.com/judyreywasserman ) . I have stepped up during every phishing or worm attack, spending countless hours messaging to help on Twitter and Facebook during every attack since I became active on Twitter, and a few weeks later on Facebook in early November 2008. Evidence of this is easy to find by scrolling down the blogs at http://ungravenimage.com/blog or in my Twitter timeline.
I am not a social media guru. I am an artist. As an artist my role as a person who inspires and leads the community is a kind of sacred trust. Thus, I am responsible to help my community and especially my followers, friends and fans. For more on the job of an artist see: What is the Job of the Artist?
One of my first heartwarming moments on Twitter happened about a week after the first phishing attack, when Twitter had its hands full as at the same time the accounts of celebrities such as Britney Spears were hacked. I checked out #phishing, which had hundreds of aggregated tweets within a few minutes at the height of the attack, but a week later was happily down to a few each day. Someone had Tweeted about some oddity that they worried might be a phishing attack and asked if they “should contact @judyrey ?”
If I am anywhere near a PC or Twitter access, if there is an attack I will watch your back. And, I do follow back so you can reach me easily with problems that I do my best to help solve. I follow all my followers for many reasons, one of them being that it gives me ongoing access to a great range of information and breaking news.
While you would think that following social media experts and celebrities, who can reach many people would help protect us during a phishing or any kind of problem, that has not proved true.
Organized attacks seem to start late Saturday afternoons and continue until Sunday night. Probably that is due to the fact that most of the Social Media and Tech Gurus are not around much on the weekends; it is their time off.
Very few celebrities are willing or allowed by their managers and PR people to associate themselves with bad news, no less ongoing news that cannot be controlled. There is a huge difference between raising funds for a cause, which is actually perceived as good news and spending many hours messaging updates of newly compromised accounts or phishing link come-ons.
One of the people you should be following, and whose stream you need to keep an eye on, is Arleen Anderson, who on Twitter is @AohaArleen. If Arleen is around (and no one is online 24/7) you can count on her to jump in and help. Arleen has great radar and follows many people too, so she is often one of the people to Tweet about a problem early on.
Peter Cashmore’s site mashable.com has great information and can be very helpful. Cashmore can be followed on Twitter at @mashable . He does not Tweet ongoing breaking news but gets news about Social Media, including helpful advice before the regular media can.
Michael Arrington’s techcrunch.com also updates quickly with news of Social Media and internet news. On Twitter follow @TechCrunch
What Can Best Keep You Safe – Apps, Software and Sites
Twitter, Facebook and other Social Media sites are businesses that are focused on making money one day, even if they’re not doing it now. Their goal is to increase membership, not have members move away by threats of phishing, hacking and worms. It is not in their best interests to stir up concern and possible problems by messaging frequent updates about a problem. Instead, they wisely focus their staff on solving the source(s) of the problem.
Also, it is not the responsibility of any Social Media site or email program to guard or protect users from phishers. In truth, that is still out of our technological reach. How can shortened URLs be effectively screened?
While using Mozilla, TweetDeck, having firewalls, and up-to-date virus protection can help in many ways, they really do not prevent phishing.
When you see or hear news about current phishing from a message on Facebook or Twitter or via a news article, etc., pay attention! Find out more about any current phishing scam. The more you know, the better you will be able to effectively protect yourself, which really is not difficult.
Follow the steps above and stay alert. The best person to keep you from a phishing attack is you!
For more about Phishing see:
How To Stay Safe from the Current Phishing & Trojan Scams on Facebook (& Anywhere Else)
Life Lessons Learned from the Phishing Attack on Twitter







