27 February 2010

Chicken or Phish?

I got a message from some friends that my Twitter account got hacked. What? That stuff isn’t supposed to happen to me! Apparently everyone that was following me got a message that I’m a horny 24 year old girl and something something click on a link. I looked into the situation and it turns out earlier in the morning I got caught in a phishing attack. I’m going to tell you what happened, how to avoid it, and, in the worst-case scenario, what to do if you do get caught.

I check my emails in the morning on my Droid before I go to work. I got a DM from a friend of mine (who also should not have been caught with something like this) and there was a less conspicuous message: “haha. This you????” and a shortened link. I clicked on the link and it sent me to Twitter to log in. Seeing how I hadn’t fully woken up yet, I “logged in” to the site. Mistake.

So how do you avoid this? Well, I say the only way to get a virus is to click on a link and download something, and then run it. If a message looks suspicious at all, don’t click on the link! That’s all it takes. Now, there was almost no way that I was going to get a virus on my Droid so I said, “why not?”, and clicked the freaking link. Here is the most important line in my post:


Any desktop browser would not let you on the site and would tell you it was a phishing site (well, I dunno about IE6). In any case, the site has to be reported first. To find out if a site is for phishing, look at the URL. On this one it was obvious that it wasn’t Twitter; it was actually along the lines of login.twitter.kevanshome.com/login/?8erNv. Obvious. However, the navigation bar on the mobile browser only showed the login.twitter part because the screen is smaller. Turns out your smartphone isn’t as safe as you thought.
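The URL check described above, as an added example that is not part of the original post: it compares the right-most labels of the hostname against the domain you expect and shows what a narrow address bar would display. The function names, the trusted domain, the 13-character bar width and the http:// prefix on the quoted URL are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain a Twitter login form is expected on.
TRUSTED_DOMAIN = "twitter.com"


def hostname_of(url: str) -> str:
    """Return the lower-cased hostname of a URL, or "" if it has none."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def is_trusted_host(url: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only if the host is the trusted domain or a subdomain of it.

    DNS names are read right to left, so whole labels at the END of the
    hostname are compared. A substring test would accept
    login.twitter.kevanshome.com because it contains "twitter".
    """
    host_labels = hostname_of(url).split(".")
    trusted_labels = trusted.lower().split(".")
    return host_labels[-len(trusted_labels):] == trusted_labels


def narrow_bar_view(url: str, width: int = 13) -> str:
    """Hostname as a bar that keeps only the first `width` characters
    would show it (width is a constructed value)."""
    return hostname_of(url)[:width]


def report(url: str) -> dict:
    """Collect the full host, the truncated view and the verdict."""
    return {
        "host": hostname_of(url),
        "narrow_bar": narrow_bar_view(url),
        "trusted": is_trusted_host(url),
    }


# First URL is the one quoted in the post (scheme added); the rest are constructed.
SAMPLES = [
    "http://login.twitter.kevanshome.com/login/?8erNv",
    "https://twitter.com/login",
    "https://mobile.twitter.com/session/new",
    "https://nottwitter.com/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(report(sample))
```

For the URL from the post, the truncated view reads login.twitter while the full host ends in kevanshome.com, which is the part that decides who runs the site.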

So you gave your username and password to someone. What do you do now? Try to log in to the site. If you can, change the password immediately and check the email address that the recovery password gets sent to. If you can’t log in, that means the person changed the password. Call customer support.

Luckily, in my case I was able to access my account and change the password. Even more lucky was that the message I was sending out was so blatantly from a hacked account it couldn’t have done any damage. Also, kudos to Twitter: they have a great help page for this situation, http://help.twitter.com/forums/10713/entries/31796-my-account-is-compromised-hacked, and they also noticed my account was compromised and reset my password automatically.