Gone phishing … changing passwords isn’t enough.

I had started writing this piece yesterday on a train journey back from Leeds, and as phishing was mentioned on Radio 4 this morning, including @subutchers ‘to the point’ tweet about password strengths being read out, I thought I had better finish it and post.

I felt ‘obliged’ to post something on passwords and phishing as I encourage and support people/organisations to join up to, explore and use twitter for a number of reasons (another blog item there!), as for example at the well received presentation on social media that I and @epaul gave to the Black Country Construction Excellence Club during the week. As a result a good many people have taken their first steps into the world of twitter.
Also, a high number of trusted friends have succumbed to the recent phishing attacks.
Phishing is just what it says on the tin: scams and cons to get you to part with your password and twitter account details. And as Su Butcher says, the strength of the password is irrelevant if you give it away! Phishers don’t invest time and effort in cracking your password – they simply ask for it. And get it.
So why do we give it away?
It seems twitter users see the community as a nice friendly place (it hasn’t until recently had the hard core spam that email, for example, has had). So when a friend suggests a nice application for increasing followers, monitoring twitter influence, testing your IQ, suggesting people you should follow etc, we fall for it and give up our high strength password. And of course re-tweet that we have done so.
In addition there are an ever increasing number of new twitter apps for PCs, Macs and phones, and don’t we just love trying them out? And of course we give our ultra high strength password away.
There are phish scams that offer to clear your tweets up if you have fallen foul of a regular phishing attack; all you need to do is hand over your new unbreakable password. And it seems tweeters do, again!
As I mentioned in the Black Country to potential twitters: treat your password as though it was your bank account details. Don’t give access to others, simple. And if you do, change it immediately.
More important, though, is to check and know who you have given access and authority to. You may be surprised – I was, and I thought I was ultra careful.
  • Go to the web application for twitter and open your account. (With the far more sophisticated twitter apps available, many do not ever go back to the basic web app. This is a mistake, as it is here that your account details are held and can be changed.)
  • Go to settings
  • Go to connections
  • Here you will see 

    You’ve allowed the following applications to access your account:

  • Revoke access if you have any doubt whatsoever.
  • Save
  • Then change password
Do this regularly, and don’t visit links in tweets if you have any suspicions at all.
But of course phishing is very successful due to the viral re-tweeting of tweets. NEVER re-tweet a link unless you have checked it, otherwise you become the phisher!
And if you see someone has been caught, let them know, and refer them to some good advice.

Posted via email from martinbrown’s posterous
