One of the largest threats facing users today is from Phishing attacks, or social engineering attempts at getting the average person to click on a malicious link.
The most common form of phishing comes from email however, another form can come from sources like social media, such as Facebook or Google+, services that typically have anti-spam, phishing and exploit features.
Though with every successful integration of anti-spam, anti-phishing and anti-exploit functionality, the bad guys go right back to the drawing table to find a new way to make your life miserable.
This post is not really about an instance of Phishing but rather the potential for it, now on Twitter.
Back in 2011, Twitter introduced an option to a bunch of accounts (but not all) to get direct messages on their twitter account from people they didn't follow, which is the current requirement.
Obviously it didn't go well because soon after, that feature went away.
However, it's back again! This time the circumstances are the same, a bunch of accounts have the feature (which is automatically turned OFF) but not all, me included =(.
The problem here, is that one has to consider the potential for not only spam but also phishing and exploit messages being sent directly to a user (just like with email).
How many of you tweeters would say that while they may not trust 90 percent of their e-mail, if they got a direct message on Twitter, they are more likely to click on a link included with it?
Either way, trust and the internet should not be two terms that go hand in hand since (as I heard in a documentary recently) "The Internet is a bad neighborhood."
So while we are on the topic of Twitter and security, let's talk about a few other features that Twitter users might find useful in ensuring their accounts stay secure.
Security and Privacy:When logged into Twitter, go to your account settings (the gear looking thing next to the compose button, then click on "Settings"). In the Security and Privacy Tab to the left, is the treasure trove of Twitters security settings. Let's look at the security portion first.
I highly recommend using either the "Send Login Verification Request To Your Phone or "Twitter App" Options, they do make logging in a little more of a pain but I would think it was worth it to avoid sending spam tweets to all your friends, potentially infecting your grandparents with Ransomware or having some hacker group pwn your account.
The Password Reset option of requiring personal information is TOTALLY REQUIRED. While it might not be a sure fire way to avoid unauthorized logins, it's still good to have extra security to make it a bit more difficult for the bad guys to take over your account.
The next section is labeled Privacy and while the options I am going to discuss do follow under that label, they are just as important for security.
- Tweet: Going to see my Grandma Shirley today, really excited and I know my Mom is too! #YAY
- Gmail Security Question: Maternal Grandmother's First Name:
The second option is adding a location to your tweets, for this option I only have one opinion on it: NEVER ENABLE THIS OPTION!
Unless you are a world traveler with no actual address and constantly on the move, adding locations to your tweets are great ways not only for cybercriminals to find out very personal things about you but also non-cyber criminals who had been following you on Twitter know exactly when to break in and rob you.
I highly recommend, regardless of the social media outlet you choose to use, never ever put a location down unless you are talking about the address of a burger joint you may or may not visit in the non-specific future.