Twishing: Beware of the Latest ID Scam
|Every time a new communication method becomes popular, fraudsters look for a new way to commit identity theft. One of the latest popular scams is "twishing."
Twishing is a combination of Twitter and phishing, uses the growing popularity of the microblogging service Twitter.com in an attempt to steal your identity.
Twitter, which limits users to 140-character messages broadcast to the public or directly to "followers" who have chosen to receive the updates, is one of the latest identity fraud schemes because it is growing so quickly in popularity due to the message length limitations.
Fraudsters jump on new communication methods because law enforcement is slow to respond and communications providers often will rush out new technology without thoroughly testing potential security flaws.
Security flaws enable hackers to gain access to accounts, but such thefts require some technical knowledge. It’s much easier to lure someone (the idea of fishing lures gave rise to the term "phishing") to reveal private information than to hack into their account.
The idea of luring someone to reveal private information is nothing new. Famous check scam artist Frank Abagnale, subject of the movie "Catch Me If You Can", used clothing (e.g., dressing like a pilot) to lure people to give him sensitive information. While the movie was based on facts, a fictional television program, "The Rockford Files" also featured the lead character using fake business cards and smooth talk to obtain information.
Twishing works the same way. A short public message like “see what they're saying about you on xyzblog" followed by a link can direct the unwitting Twitter user to a blog that looks like Twitter, but is actually a site operated by the fraudster, who then seeks to gain personal information. Twitter recently changed its look, which will likely deter twishing for at least a while. But fraudsters are always looking for the next scam.
This is very similar to fraudsters who misrepresent themselves as being from a large financial institution while sending out millions of official e-mails trying to trick legitimate account holders into revealing personal account information. While most of these e-mails will go to people who have no banking relationship with the financial institution, the phishing e-mail will reach some legitimate account holders. The e-mail will ask account holders to resend their account information – often with the threat of suspending the account if they don’t.
Some of the telltale signs that a phishing e-mail is a fraud are typos, poor grammar or incomplete information in the phishing message. But the message limitations of Twitter make it easy to overlook such details. Twitter users will use chat and text message abbreviations (e.g., “u" for “you") and grammatical rules are largely ignored. So the hints aren’t as obvious.
However, some of the basic steps to protect one’s identity work to protect against twishing just as they do against phishing:
Don’t provide personal information online
If a message looks suspicious, it probably is
Be cautious in opening “retweeted" items. The last sender may not be aware of the malicious nature of the message.
DID YOU KNOW...
According to Trend Micro, as many as 13,000 Twitter users were affected by twishing scam originating from user @twittercut
in May, 2009. This twish started with a message stating "OMG I just got over 1000 followers today from http://www.twittercut.com."
[Source: TrendLabs Malware Blog]
|Key Terms To Understanding twishing:
Related Articles on Webopedia:
Based in Colorado, Rob Douglas is an identity theft expert and has been fighting against fraud and cyber crime for more than a decade. He is the editor of www.IdentityTheft.info and a speaker at identity theft conferences across the USA.
The trend for the past two years has been for shoppers to spend more online during the holiday season. How do you typically shop for holiday... Read More »How to Create a Desktop Shortcut to a Website
This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Read More »Flash Data Storage Vendor Trends
Although it is almost impossible to keep up with the pace of ongoing product releases, here are three recent highlights in the flash data storage... Read More »
- Watch Datamation's editor James Maguire moderate roundtable discussions with tech experts from companies such as Accenture, Dell, Blue Jeans Network, Microsoft and more »
Tape clearly is on the decline. But remember, legacy systems can hang for a shockingly long time. Read More »Apple Pay Promises to Strengthen Payment Security
Experts believe that Apple Pay and other competitive payment systems will be far more secure than cards, even cards equipped with EMV chips. Read More »Internet of Things Shaping IT's Future
To make the IoT both work and pay off, IT is juggling upgrading and building app-centric networks, mapping out new data center architectures and... Read More »