By Tony Larks, Vice President, Global Consumer Marketing, Trend Micro
You know, the speed of tech innovation never fails to amaze me. Thinking back ten years ago, who among us would have been able to predict that some of the most popular sites on the web would be virtual social networks? They’re such an important part of most of our lives now, the likes of Facebook, Twitter and the rest, that some of the words and phrases associated with them are even finding their way into the Oxford English Dictionary.
The problem with the huge rate of innovation and the sheer pace of change is that these sites and the companies behind them sometimes take off so quickly that they haven’t had time to fully come to terms with the security implications of what they’re doing. They’ve learnt to run before they’ve learnt to walk, which means they can be caught out when criminals suddenly realise there’s a huge number of exposed users sitting on the Internet which they can take advantage of.
Twitter is a great little tool, from staying in touch with your friends, to finding out the latest news about your favourite bands, footballers or movie stars – it’s all there in bite-sized 140 character morsels. The only problem is that the cybercriminals are there too and they’re looking to hack your account or infect you with malware. Many users don’t pay as much attention to what they’re reading or clicking on via Twitter, and are usually more trusting of messages, especially direct messages that come from followers, and the net’s fraudsters are past masters at taking advantage.
As usual, the criminals want to make money out of you, or your identity which they can sell for money. They could do this by cracking your account log-ins and using them to send out spam and malware to other accounts. Or they could try and send you a malicious link – maybe coming via a direct message from a legitimate (but hacked) source. You click on it and they’ve either got into your account again, you’re taken to a phishing site, or even worse – you’re infected with malware designed to steal more personal information from your PC.
To be fair, Twitter is getting a lot better at protecting the security of its users. It was forced by US regulators in 2010 to undergo independent security audits every other year, and has also begun scanning links for malware. The firm has also turned on HTTPS – which makes the site more secure – by default and has even bought up a security company, Dasient, to help it fight spam.
There are still a few simple things users can do to stay clear of the bad guys:
- Be alert – beware of suspicious looking links, even if they come via direct message (could be from a hacked follower)
- Check the reputation of who you follow – they could be a TwitBot (spammer), of no value to you but now with an open channel to communicate with you
- Keep strong passwords – change them regularly and don’t share passwords between your other accounts
- Consider a cloud-based security solution that will scan and block malicious links – adding an extra layer of defence to Twitter’s in-built security
- Keep limited profile information on your account
- Be wary of third party apps that integrate with Twitter, especially if they ask for your log-in details
- Keep your operating system and browser up-to-date with the latest versions, blocking the holes some criminals try to exploit
- Avoid using Twitter on a shared PC, but if you must, make sure you completely log out after use
HAPPY TWEETING! You can find us on Twitter at https://twitter.com/fearlessweb
Tony Larks works for Trend Micro and is guest blogging for the Fearless Web. The opinions expressed here are his own.