Opinion Piece by Roger Thompson, Chief Technical Officer, AVG
Worse still was the fact that as Twitter struggled to rectify the situation, it temporarily removed subscribers’ followers. Celebrities found themselves in the traumatic position of being unpopular… at least for a while! On the flip side, the bug enabled millions of people to force celebrities, such as Lady Gaga, to follow their tweets simply by typing “accept@ladygaga”.
Celebrities mourning the loss of their followers included:
Ashton Kutcher: “Twitter is being hacked by some Turkish hacker. Haha I have 0 followers.”
Sarah Cawood: “Uh oh. Will we ever get them back?”
Stephen Fry: “Do you know, I was sure I had more followers than that. Must have imagined it.”
Justin Bieber: “So I woke up here in LA and Twitter has been hacked. Turns out I am no longer popular.”
Farcical though the story was, it did highlight three major concerns that users should be mindful of:
- While this attack was relatively harmless, the attacker could have directed users to a page full of drive-by downloads and exploits.
- Social networks are inherently viral; they multiply all by themselves. Just last week AVG discovered a variety of Facebook apps that were spreading via Friend lists to install adware.
- The web is the current attack surface of choice. You should be running some type of dedicated web-scanning programme to help guard against harmful links.
So, how can users protect themselves against these types of hacks?
- Limit what you say: It’s easy to tweet about where you are and what you’re doing, but do you think about who is listening? What might seem like a harmless comment initially could be used to piece together a picture of your whereabouts and plans! Unless your tweets are protected, they are going to be out in the public domain. Fraudsters can use this information in many ways!
- Be careful what you click on: Be suspicious about links that you are sent and that are posted. Many people use URL shorteners on Twitter, so it is often very difficult to check what you are clicking on. AVG Linkscanner can help check suspicious links, but remember: if in doubt, don’t click!
- Be vigilant: Watch out for suspicious activity in your tweet stream and inbox. If you start receiving strange messages or your friends are being unusually spammy, it might be worth double-checking that their accounts haven’t been compromised.
- Think before you tweet: Remember the whole world can see what you write and even though tweets can be deleted, they are still searchable. Don’t tweet when you’re drunk, angry or emotional; while it may be funny to think about, the consequences are often not as amusing. Additionally, including ‘hash tags’ makes your tweets easier to find for anyone searching for your chosen term, so spend time considering exactly who will be searching for your tweets.
- Don’t be too trusting: You can never be sure the stranger you ‘networked’ with via Twitter is who they say they are. Don’t be easily befriended by strangers on Twitter who may not have your best interests at heart.
- Check third party applications: There are hundreds of applications out there for Twitter; before signing up to one of these, check that it is safe. You can do this by looking for mentions of the tools on trusted sites. Remember that the apps generally require your password and login details, so be extra cautious about sharing this information.

The same basic rules that apply to other social networking sites can also be applied to Twitter, so don’t forget the following too:

- Password information: Use different passwords or, better still, set up separate email accounts for your social networks; that way, if you close your account, you can easily delete the email account too. Be mindful of where you are sending your updates and the types of security questions you set.
- Signing in: Check your browser settings so that, if you are on a shared computer, your information is not stored for anyone else to see!
- Watch out for phishing attacks: As Twitter gets more popular, the likelihood of phishing attacks grows. Be aware of attempts to get users to give up their logins and passwords by tricking them with fake tweets and direct messages.
- Being mobile: Be mindful about who might have access to your mobile phone. If you have a Twitter application, make sure you log out once you’re finished with it.
For more information on how to protect yourself online, visit: www.avg.com