Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    I, like many others, am a big fan of Twitter, although I am fairly ruthless about pruning those I follow. Most of the people I follow are either other security professionals or close friends and they normally Tweet content that I am genuinely interested in. The first hint of someone going to the dark side are Tweets like:

    In McDonalds—should I get a cheeseburger or a big mac?
    4 minutes ago from iPhone by InaneTwit

    So confused—must decide soon—1 person in front of me in Q!
    3 minutes ago from iPhone by InaneTwit

    I got the cheeseburger!
    2 minutes ago from iPhone by InaneTwit

    And I will ruthlessly remove them. There is one exception to this, however, one of my younger siblings, who for some reason, I let get away with with this kind of thing. So I was not too surprised to see the following Tweet earlier today:

    This site is AWESOME!!!—
    about 2 hours ago from API

    Following the link, I came to the following page:

    Suddenly, my spider senses are tingling—call me paranoid but that does not look particularly official.  A quick search of the Web shows thousands of identical Tweets from thousands of people who have gladly handed over their passwords to this website (which is  most likely the same password they use for everything, including the Holy Grail, their email account—something I wrote about way back in February 2009).

    What is the message here? Simple—“Think before you click!”

    Would you give your Twitter password to a random person on the street? Of course not, so why would you give it to a random site on the Web? If nothing else, it will save you time when, like my younger sibling, you have to now change your password on  every site you use.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    • bundyxc

      That's miserable. I mean, they didn't even make the site look official at all. I can't believe that people would legitimately give away their credentials like that..

    • Mike Pooposterous

      I love how the comment form requires an email address.
      Anyway, it's critical advice you offer, to use different passwords for each major site and every personal-information system we access.

      The usual password-making rules apply.

    • Pingback:—Stealing Your Passwords One Tweet at a Time - Donna's SecurityFlash()


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice