#Are #you #using @TwitterAu #Safely?
Media Statement from Stay Smart Online - An Australian Government Initiative
Twitter, like any other messaging or social media service, can be attractive to scammers. With millions of active users it provides opportunities to reach out and target victims.
Since it was created in 2006, Twitter has evolved significantly to improve its safety and privacy for users. Nevertheless, there are still many different ways criminals can operate on Twitter. They can target your Twitter account specifically, other online accounts or information, your finances, or the device you use to access the internet.
Just like email and SMS, Twitter-based phishing messages attempt to fool you into taking action.
If you use Twitter you have probably seen Tweets (Twitter messages) encouraging you to click a link or respond to a message: perhaps to win a prize, perhaps to confirm your account details, or perhaps to read a fantastic news article. There is an endless range of possibilities.
A common example of Twitter-based phishing incorporates a link in a Tweet which, when clicked, takes you to what appears to be Twitter’s official sign-in page, but is instead a fake page created by the scammers to collect your account information.
If a scammer gains access to your Twitter account through such means, the account can be used to send further spam messages to your contacts, circumventing many of Twitter’s protection mechanisms.
Phishing messages will often mimic official organisations and target your accounts for those services.
Twitter accounts that have been compromised, through activity such as phishing, can also be used to distribute malware.
Links in any message or Tweet should be treated with caution. You should evaluate each message and link before you click; however, the nature of Tweets can make this challenging.
Link shortening can make it difficult to know where links in Twitter will take you. A Tweet must be 140 characters or less, which is a problem for longer URLs. Twitter solves this by using a technology known as link shortening, which automatically condenses very long URLs. Shortened links in Twitter will (in some views) begin with http://t.co, obscuring the actual destination URL.
Twitter does automatically inspect t.co links to see if they are malicious, but this may not capture all malicious links, and it does not inspect links shortened with any of the other link shortening services available online.
Third party apps
There are many apps available for download that interact with Twitter. You need to authorise each app before it can access your Twitter account and interact with your activity. Most are useful, legitimate tools; however, there are also some apps which may ask for excessive account permissions or attempt to post advertising to your Twitter timeline. This is a breach of The Twitter Rules. For example, some ‘Free Follower’ apps claim they can gain you more followers, but these apps may be harmful.
While using Twitter remember:
• Be careful clicking shortened links, particularly those that use shortening services outside of Twitter’s built-in t.co service. Understand that the destination link may not be what you expected.
• Evaluate the message, its context and its sender as part of your decision to click. If a message is ‘out of character’ for a sender, you should treat it with suspicion.
• There are plug-ins available for most internet browsers that can display the original URL before you click.
• Be cautious about messages from anyone you do not know or trust.
• Never give out your account username or password. Reputable organisations, including Twitter, will not request your personal information via a Tweet.
• If you click a link, always check the website you are on before you interact with it, provide any information or download software.
• Review and revoke, if necessary, access to third-party applications that access your Twitter service.
• Use a strong account password and enable two-step login verification.
• Check your account security and privacy settings.
• Make sure that your software and systems are up-to-date, and that you have automatic updates enabled.
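The advice above to check the website you are on before providing any information, written out as an added example that is not part of the original statement. It assumes the genuine sign-in page is served over HTTPS from twitter.com or one of its subdomains; the function name and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: hosts accepted as the genuine sign-in site.
TRUSTED_HOSTS = {"twitter.com"}


def check_sign_in_url(url, trusted=TRUSTED_HOSTS):
    """Return the reasons not to enter a password at `url` (empty list = none found)."""
    reasons = []
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, and lower-cases the name.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # Text before '@' in a URL is a user name, not the site being visited.
        reasons.append("text before '@' is not the host")
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        reasons.append("host uses non-ASCII or punycode characters")
    # Compare whole labels: the host must BE a trusted name or END in ".<name>".
    # A substring test would accept a host that merely starts with "twitter.com".
    if not any(host == t or host.endswith("." + t) for t in trusted):
        reasons.append("host %r is not a trusted sign-in host" % host)
    return reasons


if __name__ == "__main__":
    # Constructed sample URLs, checked after any shortened link has redirected.
    samples = [
        "https://twitter.com/login",
        "https://mobile.twitter.com/session",
        "http://twitter.com/login",
        "https://twitter.com@login.example/session",
        "https://twitter.com.account-check.example/login",
        "https://t.co/abc123",
    ]
    for url in samples:
        problems = check_sign_in_url(url)
        print(url, "->", "no problems found" if not problems else "; ".join(problems))
```

A shortened t.co address fails the check because it only identifies the shortening service; the check applies to the address shown once the link has finished redirecting.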
Twitter provides some useful information if you think your account has been compromised.
Stay Smart Online has more information on using social media safely.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.