Twitter is becoming a popular microblogging service with a strong impact as a new communication platform, but it is also being targeted by fraudsters and hackers, who use it as a way to infect people's PCs with malicious software. Hackers and spammers have found a new way to spread malware on a big scale via Twitter. Twitter now needs to work on its security and secure users' profiles, otherwise it may lose a lot of loyal customers, which is not good for any company.
Twitter account hijacking is an issue that more people need to be aware of. The most recent examples of note include the accounts of Britney Spears. Criminals hijack Twitter accounts in order to spread malware. That is, they abuse the hijacked accounts to post messages to all the 'followers', with a link to a site that serves malware. Earlier this year, accounts of several celebrities (among them Barack Obama, with 1.6 million followers, and Britney Spears, with 2.1 million followers) were hijacked. A Twitter account enables one to send malware links and plain spam to all followers.
A hijacked account can be used to serve malware and spam automatically to all the followers of a user. An account can be hijacked a long time before it is abused. Attackers usually wait for the right opportunity to hit as many users as possible. Twitter is a perfect platform to commit fraud as well. Followers trust the messages that come from the person they follow, while in reality the message could be spam trying to convince followers to fall for a scam. A simple example would be a request to donate a small amount of money to charity (for example to support the situation in Palestine). The link would go to a fraudulent website that records credit card numbers. A high-profile account that sends such a message could result in thousands of compromised credit cards.
What can users do to protect their accounts?
1. Protect your Twitter credentials. Users need to be vigilant and keep on the lookout for Twitter phishing attacks. Users can install client-side security tools that ensure they are only providing their Twitter credentials to the genuine Twitter website. In doing so, they will protect their credentials against keyloggers or malicious browser plug-ins ("man in the browser" attacks).
2. Control and protect your Twitter information. Using third-party applications and services that enhance Twitter may increase the exposure of users to abuse. Every website which is allowed to automatically post to a Twitter account adds attack surface that criminals may exploit.
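One way a client-side check like the one in item 1 can tell the genuine login page from a look-alike, as an added example that is not part of the original post. The host allowlist and the sample links are assumptions constructed for illustration.

```javascript
// Added example. Assumption: the genuine login hosts are exactly these two.
const GENUINE_HOSTS = new Set(["twitter.com", "www.twitter.com"]);

// Decide whether a URL that is about to receive Twitter credentials
// points at the genuine site. Returns { ok, reason }.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not-https" };
  }
  // "https://twitter.com@host/" puts the brand name in the userinfo part;
  // the real host is whatever follows the "@".
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo-present" };
  }
  // The parser has already lowercased the host and converted any
  // non-ASCII label to its "xn--" form, so look-alike letters show up here.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-label" };
  }
  // Exact match only: a suffix or substring test would accept
  // "twitter.com.login.example".
  if (!GENUINE_HOSTS.has(host)) {
    return { ok: false, reason: "host-mismatch" };
  }
  return { ok: true, reason: "genuine" };
}

// Constructed sample links; the look-alike hosts use the reserved .example TLD.
const SAMPLES = [
  "https://twitter.com/login",
  "http://twitter.com/login",
  "https://twitter.com@login.example/",
  "https://twitter.com.login.example/session",
  "https://tw\u0456tter.example/login", // Cyrillic "і" in place of Latin "i"
];

for (const link of SAMPLES) {
  const { ok, reason } = checkLoginUrl(link);
  console.log(ok ? "ALLOW" : "BLOCK", reason, link);
}
```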
Security-wise, Twitter should be treated both as an individual website with its own potential security issues, and as a microcosm into which many existing web attacks can be mapped. This makes securing Twitter harder than protecting typical websites.
Have you had any issues with Twitter security?