
Twitter Outwitted

Posted by John B. Frank Tuesday, January 6, 2009


First there was Facebook, and now Twitter users have been lured into a phishing scheme causing some users to give up their Twitter username and password to a site "masquerading" as Twitter.com. (This is what easily could have happened to CheckFree users instead of them being brought to a blank page... and what will happen more and more in the not-so-distant future. This may be a drill, to test the waters. I predict it will happen frequently in 2009 and I predict there will be a post on the subject tomorrow morning... adorned with the same graphic that's on the laptop on the right...)

The phishing links arrived as direct messages, usually saying something like “hey! check out this funny blog about you….” If you clicked on the provided link, your browser was redirected to the URL twitter.access-logins.com, which looks just like the main Twitter login page, but steals your credentials.

With a main domain name of access-logins, this phishing scheme is not what you’d call subtle, but if you’re worried you might have been duped, the Twitter blog suggests changing your Twitter password. It appears that all the scammers did with the captured login info is send more direct messages, furthering the scam. If you’ve been suckered, Twitter will reset your password for you.
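The host check that gives this lure away, as an added example (not code from the original post or from Twitter): a link is trusted only when its host is twitter.com or ends in ".twitter.com", so twitter.access-logins.com is flagged as a lookalike. The sample messages are constructed, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "twitter.com"  # the genuine site named in the post
BRAND = "twitter"               # brand string a lookalike host borrows
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages; only the first host comes from the post.
SAMPLE_DMS = [
    "hey! check out this funny blog about you... http://twitter.access-logins.com/",
    "new post is up: https://twitter.com/example_user",
    "lunch? menu is at http://example.org/menu",
]


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'other' for one URL."""
    try:
        # .hostname drops any userinfo and port and lowercases the host
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed authority section
        return "other"
    if not host:
        return "other"
    # Trusted only if the host IS the domain or ends with ".<domain>";
    # a plain substring test would accept twitter.access-logins.com.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    if any(BRAND in label for label in host.split(".")):
        return "lookalike"
    return "other"


def flag_messages(messages):
    """Return (message index, url) for every lookalike link found."""
    hits = []
    for index, text in enumerate(messages):
        for url in URL_RE.findall(text):
            url = url.rstrip(".,)!?")  # trailing sentence punctuation
            if classify_link(url) == "lookalike":
                hits.append((index, url))
    return hits


if __name__ == "__main__":
    for index, url in flag_messages(SAMPLE_DMS):
        print(f"message {index}: {url} borrows the brand but is not {TRUSTED_DOMAIN}")
```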

While Twitter did a good job of containing the problem, the suggestion that you not give out your “secret info” is a bit ironic since that’s the only way you can access Twitter through third-party sites and apps.

News of the attack led many a savvy Twitter user to gripe about the service’s lack of OAuth support, but, while OAuth would allow third-party sites to access your Twitter account without giving up your password, it wouldn’t completely stop phishing attacks.

But OAuth would have one huge benefit that could lessen phishing attacks on Twitter: it would get users out of the habit of giving their Twitter username/password to any cool new site that pops up without thinking about the potential side effects — like the fact that you just gave an unknown party complete access to your account...

Read more at wired.com



