Recently, a reported phishing attack using Twitter unknowingly compromised user account information. Users received tweets or direct messages using phrasing such as “This you?” or ” LOL is this you” which then sent the Twitter user to an account which asked for identification verification. Then the user is directed towards the Twitter fail whale. Most do not realize that their account has been compromised.
This is not the first reported phishing attack against Twitter users. Twitter has a safe, comfortable atmosphere where users trust other users, reply to direct messages and trust their “followers.” One of the products of Twitter is a level of trust present in the users. They relate to their followers, and their followers do to them, so to see a message/ tweet from a fellow Twitter user does not send any alarm. This trust is very easy for cyber criminals to take advantage of.
Sean Sullivan, a researcher with F-Secure, believes that the rise in phishing attacks on Twitter could be linked to the integration of Twitter with search engines.
The microblog posts will now be added to Yahoo search results much like Facebook status updates and live feed will be added to Google search results. Hot topics have already been abused in SEO attacks, and now Twitter results can further assist the attack.
On the other hand, an active user community such as Twitter can lessen the impact of such scams. Within minutes of the most recent attacks, users had posted information about the links. A hash tag was created in a matter of moments, and users were trying to protect other users from fraud. It takes weeks to stop an email phishing attack.
Although the trust of the Twitter community is exploited by cyber criminals, the same trust and connection that Twitter users have also leads to remarkably fast detection of attack.