Unsuspecting users are receiving DMs with the following text:
If you get this DM, DO NOT VISIT THE LINK. It takes you to a replica of the Twitter login page where the hackers will steal your account and use it to send out more infected DMs to your friends.
The Twitter spam account has its latest status as:
By all means, don’t click on suspicious links, even if they are from friends, without taking precautions. Here is some great advice from the folks at F-Secure about avoiding the problem.
How to Tweet Safely
Avoiding Bad Links, Dangerous Twits and Sneaky Spammers
More than 18 million people are already using Twitter, and it probably already feels as if everyone in the world is tweeting away. But on the Internet, great growth comes with great vulnerabilities.
Capitalizing on the trust we have for our online “friends,” criminals are increasingly targeting social networks. So, stay on your toes! To protect your irreplaceable content and invaluable financial information, remember the following while you’re tweeting, re-tweeting and hashtagging away.
1. Be Aware
Twitter is the new frontier of the Internet. And as in any gold rush town, there are all types floating through. People are going to have to learn some of the same security lessons we got used to as e-mail made its way into our lives: Watch where you click; don’t sign up for/follow everything; expect a lot of silly forwards.
2. Trust but always verify
In about two minutes, you could create a Twitter account that impersonates almost anyone living or dead. Twitter has added “Verified Accounts” for celebrities, but no one is really verifying if that page was really put up by your co-worker Stu. That said, hackers probably aren’t going out of their way to impersonate your co-worker Stu.
Give any Twitter you’re thinking of following a careful scan. Check if there’s a respectable image; make sure all tweets aren’t entirely repetitive self-serving spam; see if there’s a reasonable follower-to-following ratio. Then, if you have an interest in their Tweets, follow away.
But don’t let your guard down.
You can never really know if any Twitter account has been taken over by someone with criminal intent. Hackers have hijacked accounts and used them to spread links to spam and phishing scams. We have also seen links point to malware sites where the end goal has been to steal online banking credentials or other personal information. You can keep track of some current Twitter spam risks by following the official Spam Account.
3. Watch those links
Now we come to the biggest threat on Twitter: the LINKS. As you know, once you click a link, you could end up anywhere. And Twitter is well aware that bad links have the potential to wreak some real havoc. That’s why they’ve started filtering for malicious links. But they can’t catch everything, especially because the 140-character limit demands that most URLs be abbreviated. Shortened links—even from Twitters you know and trust—can present a unique security challenge. Links from tinyurl, bit.ly and other services have, in rare cases, led users directly to infected files or phishing scams. You can always expand the shortened links you find. But that doesn’t completely eliminate the risk of landing on a site that has been infected, hacked or spoofed.
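As an added illustration (not part of the F-Secure advice), here is a Python sketch of expanding a shortened link one redirect at a time and checking whether the final page really sits on Twitter's own host rather than a replica login page. The trusted-host list, the `fetch` callback and every URL in the constructed redirect table are assumptions made for this example.

```python
from urllib.parse import urlsplit, urljoin

TRUSTED_LOGIN_HOSTS = {"twitter.com"}   # assumption: hosts you accept a login page on
REDIRECT_CODES = {301, 302, 303, 307, 308}

def expand(url, fetch, max_hops=5):
    """Follow redirects hop by hop. fetch(url) -> (status, Location or None)."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain
        # Location may be relative, so resolve it against the current URL.
        chain.append(urljoin(chain[-1], location))
    raise ValueError("too many redirects, refusing to follow further")

def host_is_trusted(url, trusted=TRUSTED_LOGIN_HOSTS):
    """True only for https URLs whose host is a trusted name or a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    on_trusted = any(host == t or host.endswith("." + t) for t in trusted)
    return parts.scheme == "https" and on_trusted

def assess(url, fetch):
    """Expand a link and report where it really ends up."""
    chain = expand(url, fetch)
    final = chain[-1]
    return {"chain": chain,
            "final_host": urlsplit(final).hostname,
            "trusted": host_is_trusted(final)}

# Constructed redirect table standing in for real HTTP responses (runs offline).
CONSTRUCTED_RESPONSES = {
    "http://short.example/abc": (301, "http://twitter.com.login.example/session"),
    "http://twitter.com.login.example/session": (200, None),
    "http://short.example/ok": (302, "https://twitter.com/login"),
    "https://twitter.com/login": (200, None),
}

def constructed_fetch(url):
    return CONSTRUCTED_RESPONSES.get(url, (404, None))

if __name__ == "__main__":
    for link in ("http://short.example/abc", "http://short.example/ok"):
        print(link, "->", assess(link, constructed_fetch))
```

A trusted result only says the hostname is the expected one; as the advice above notes, it does not rule out a legitimate site that has itself been infected or hacked.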
4. Guard your passwords
Once a hacker has your password, you’re completely vulnerable. So guard your little jewels jealously. Most importantly, DO NOT use the same passwords for your e-mail accounts and your social networking. You should also use different accounts for your business and social accounts. Never use “password” as your password.
5. Never give yourself away
Your bank probably isn’t going to contact you through Twitter—but someone pretending to be your bank or PayPal or a credit card company may. Verify any financial concern directly with your institution. And don’t trust anyone that’s asking for financial help. That’s pretty obvious, but the reason that scams exist is that they work! When something is new and a little exciting like Twitter, people may lose themselves and slip up. Don’t be one of those people.
6. Be smart
A good question to ask yourself before you Tweet anything is: Would I say this in a room of strangers? Unless you “protect your tweets,” everything you post goes into the public timeline. So never share sensitive or confidential information—including your e-mail address. Specifically, don’t announce vacations or even too many details about your schedule in advance or while you’re away from your home.