Scam of the day – February 4, 2013 – Twitter hacking

Twitter has announced that it had been hacked into and that the hackers managed to steal information on 250,000 Twitter accounts before the attack was shut down.  The stolen information includes usernames, email addresses, session tokens and encrypted passwords.  Although the passwords were encrypted, hackers are able to use password cracking programs to decipher the encrypted passwords if the password are simple ones as unfortunately too many people use.  Even more problematic is that since many people make the mistake of using a single password for all of their accounts, once the password is compromised, all of your accounts are in jeopardy.  You can find detailed information in my book “50 Ways to Protect Your Identity in a Digital Age” about how to pick an easy to remember, but difficult to crack password.  One problem with the Twitter hacking is that if you were one of the people who were hacked, you will receive an email from Twitter, however, you also will probably receive an email from the hackers posing as Twitter.  A significant threat posed by the hacking is that people will receive messages appearing to be from trusted sources that will lure them to click on a link, which can lead to downloading keystroke logging malware that can steal all of the personal information from your computer or lure them to provide information to what appears to be a trusted source, but in reality is an identity thief.

TIPS

Never click on a link unless you are absolutely positive that the link is not only from someone you trust, but that they have not been hacked as well.  If you are a Twitter user, the best course of action would be to go to your account and try to log in.  If you are unable to do so , it means that you were one of the accounts that was hacked.  Twitter reset passwords for the effected accounts.  You should then go directly to the Twitter website, go to the “Forgot password” link and reset your password to something safe.  Do not click on a link in an email that purports to be from Twitter because it may well be a phishing attack from the hackers trying to access your information.    The phishing emails used by the hackers apper to be quite legitimate, but they are not.  Instead go directly to the Twitter website on your own by typing its URL into your browser.

Scam of the day – November 10, 2012 – Latest Twitter hacking

A common technique used by scammers and identity thieves is to send you an email or text message purporting to be from companies with which many people do business, such as large national banks, Facebook, Twitter or Ebay telling you that there has been a security breach of your account and that it is necessary for you to take particular steps to protect your data and your account.  The email or text then requires you to provide confirming personal information, which then is used by the identity thief to make you a victim of identity theft or requires you to click on a link to take you to a page where you will be assisted in protecting your account when in actuality what you do by clicking on the link is download keystroke logging malware that will steal all of the information on your computer and make you a victim of identity theft.  However, a similar email that many Twitter users are receiving is actually legitimate, however, there is more to the story.  The legitimate email from Twitter reads “Twitter believes that your account may have been compromised by a website or service not associated with Twitter.  We’ve reset your password to prevent others from accessing your account.”  The email then instructs people as to how they can change their passwords to the password they now wish to use.  The number of Twitter users receiving the email actually is more than the number of Twitter users that were actually in danger of having their accounts hijacked, but Twitter affirmatively decided to err on the side of caution and change more account passwords than might have been necessary and it is hard to criticize that decision although it is possible that the broad resetting of passwords may also have represented a mere mistake by Twitter in determining what accounts were in jeopardy.  But there is another scam of which you should be aware.  Knowing that the word is getting out that the email from Twitter is legitimate, scammers will be emailing and texting their phony versions of this email representing themselves as Twitter. In the scammers emails they will be either asking for personal information or directing you to link to a page to reset your password that will download that keystroke logging malware program I warned you about.  Don’t provide such information and don’t click on any links unless you are sure they are legitimate.

TIPS

The real email from Twitter does contain a link to go to change your password, namely https://twitter.com.  However, you are better protected by not clicking on the link, but typing the real address directly into your address line.  The real email from Twitter does not ask for personal information. If you are asked for personal information, the email you got is from a scammer.   Also check out the address from which you your email is coming and if it isn’t the real email address of twitter as indicated above, don’t trust it.  Don’t even trust an email from an address that contains the word “twitter” in it because that may be from a scammer who just used the name in the phony address.