1/5/2009

Twitter Phishing Scam Alert, Password Safety

I’d heard this was going on, but I just received my first one of these, so I figured I’d better share it with everybody. I received an email that looks like a Twitter direct message notification:

[Image: TwitterPhishing]

I was a bit suspicious of the message and URL (http://twitterblog.access-logins.com/login), and Google Chrome (my new default browser since Firefox went crazy on me) was kind enough to give me a possible phishing alert when I went to the site.

The site looks exactly like Twitter — the URL is the only give-away. But if you put your user name and password in, you’ve just let someone hack your Twitter account.
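Because the URL is the only giveaway, the useful check is on the host the link really points to, not on whether the word "twitter" appears in it. The sketch below is an added example, not part of the original post; it assumes twitter.com is the only domain that should receive Twitter credentials, the function names are hypothetical, and every sample URL except the one from the email is constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: Twitter credentials belong only on
# twitter.com or one of its subdomains.
TRUSTED_DOMAIN = "twitter.com"

def link_host(url):
    """Return the lowercased host a browser would connect to, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname already drops any "user:password@" prefix and the port.
    return parts.hostname.rstrip(".").lower()

def is_trusted_login_link(url, trusted=TRUSTED_DOMAIN):
    """True only if the host is the trusted domain or a subdomain of it."""
    host = link_host(url)
    if host is None:
        return False
    # Match whole DNS labels from the right. A substring test for
    # "twitter" would accept the phishing host from this post.
    return host == trusted or host.endswith("." + trusted)

def explain(url, trusted=TRUSTED_DOMAIN):
    """Give a one-line reason for the verdict on a link."""
    host = link_host(url)
    if host is None:
        return "reject: not an http(s) link with a host"
    if is_trusted_login_link(url, trusted):
        return f"ok: {host} belongs to {trusted}"
    if trusted.split(".")[0] in host:
        return f"reject: {host} only mentions the brand name"
    return f"reject: {host} is unrelated to {trusted}"

# First entry is the URL from the email; the rest are constructed samples.
SAMPLES = [
    "http://twitterblog.access-logins.com/login",
    "https://twitter.com/login",
    "https://mobile.twitter.com/session",
    "http://twitter.com@example.net/login",    # userinfo trick
    "https://twitter.com.example.net/login",   # trusted name used as a prefix
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample}\n    {explain(sample)}")
```
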

The notification will appear to be from someone you know — the follower data is publicly available if your profile is open. It doesn’t necessarily mean their account has been hacked. If you only get an email notification, not an actual Twitter DM, then their account is probably OK. If you receive one of these as an actual Twitter DM, then they’ve probably been hacked and should immediately change their password.

On the topic of passwords, I know a lot of people use the same password everywhere. BAD IDEA!!!

I hope it’s obvious why you shouldn’t do it. The problem, of course, is trying to manage/remember multiple passwords. One approach is to use some kind of password management software, but that only works from your own computer, and you’re in trouble if you want to log on from somewhere else.

In Chapter 16 (pp. 140-141) of The Virtual Handshake (free download or buy at Amazon), we offer a simple scheme for creating passwords that are unique for each site, but not easily decipherable if someone obtains a single password. I’ve found, though, that more and more sites are requiring longer passwords — sometimes 8 characters — and also doing things like requiring both numbers and letters in the password. A couple of years ago, I posted a little more complex password scheme that should meet those requirements.

Developing a secure password management scheme is one of the single best things you can do to protect against online identity theft.


1 Comment

  1. A good password scheme is hard to find these days. One of the problems is that different sites require different password strengths. Some sites require at least one non-alphanumeric character, others only allow alphanumeric characters. In addition, at times you will want to (or be forced to) change your password.

    I’d love to find a good solution to this problem. Your linked solution gets us partway there….

    Comment by Dave Spencer — 1/5/2009 @ 14:50
