I thought I would share some tips with you on the
safest way to use Twitter to keep in touch without falling victim to the many
crooks targeting social networks.
12 apps OAuthing
- For Twitter statistics, analysis, or alternative web interfaces, stick
with OAuth-based applications. OAuth is a secure method of allowing
application developers to access your Twitter information. Applications
using OAuth will redirect you to Twitter to confirm the application's
request for access to your account. Websites that directly ask for Twitter
credentials are often well-disguised phishing attempts.
11 snoopers snooping
- Treat the tweet-o-sphere as if you were standing in a pub. Don't
disclose personal details that could be used to impersonate, track, or
allow unnecessary contact. If you were in a pub and a stranger asked
"Where do you live?" you wouldn't likely respond "2000 Main
St., Apartment B." Instead, you might say "the East side."
10 tweeps a-stalking
- If you are comfortable being tracked by friends, family, stalkers, and
governments, then by all means continue to post your GPS coordinates. Many
mobile Twitter applications can post your position within a few feet using
the GPS in your phone, and this is on by default. I recommend that
everyone disable this feature. Always explore the options menu in Twitter
applications you are using.
9 careful retweetings
- Don't blindly retweet links. Always thoroughly check out a link before
sending it on. Many spam attacks are socially engineered tweets that
depend on blind retweeting to gather more users into the scam.
8 scammers bilking
- Be wary of Direct Messages from those you don't know. Many users fall
victim to phishing attacks every day and their accounts are often used to
lure you to scam-laden URLs. These accounts will send you DMs with
shortened links that could be malicious.
7 links a-lengthening
- When shortening URLs, use a service that lets other users easily preview
where they are going. Many companies offering these services provide ways
for users to automatically expand URLs, including Bit.ly (or add a plus
sign to the end of the URL), TinyURL, and is.gd.
6 so-called deletings
- Delete doesn't mean it's gone. You can now delete tweets, but unlike
emails, they cannot be rescinded. Deleted tweets may no longer show up in
your timeline, but the message will have been delivered to mobile phones
over SMS and to third-party Twitter clients that will not forget your
indiscretions.
5 not-so-private tweets
- As with Facebook, privacy on Twitter is not so
private. Protecting your tweets provides a degree of security, but you
still rely on your friends to avoid falling victim to a scam. Hackers
depend on the trust we have for our friends and family and will use their
accounts to gather your most personal details.
4 friend impersonations
- Be wary of Direct Messages from your friends if they
seem out of context. As with random DMs, you may wish to check the
shortened link at longurls.org. When my friends send me DMs like
"Increase your followers by 4000%!", I know that it's time to
pick up the phone and let them know they have been compromised.
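For the advice in "7 links a-lengthening" and "4 friend impersonations" about seeing where a shortened link goes before opening it, here is an added example (not part of the original post) that walks a link's redirect chain with HEAD requests, one hop at a time, without loading any page. The `*.example` hosts, the `SAMPLE` redirect map and the `MAX_REQUESTS` limit are constructed assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

MAX_REQUESTS = 10  # assumption: a longer chain is treated as suspicious
REDIRECTS = (301, 302, 303, 307, 308)

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib following redirects so every hop can be inspected."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def http_head(url, timeout=5):
    """One HEAD request, no body downloaded: (status, Location or None)."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # an unfollowed 3xx lands here
        return err.code, err.headers.get("Location")

def expand(url, fetch=http_head):
    """Return each URL in the redirect chain, final destination last."""
    chain = [url]
    for _ in range(MAX_REQUESTS):
        if urlsplit(chain[-1]).scheme not in ("http", "https"):
            return chain  # never request file:, data: and similar
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("too many redirects")

def report(url, fetch=http_head):
    """Summarise where a short link leads before anyone clicks it."""
    chain = expand(url, fetch)
    final = urlsplit(chain[-1])
    return {"hops": len(chain) - 1, "final_host": final.hostname,
            "https": final.scheme == "https", "chain": chain}

# Constructed sample: a made-up short link and its redirects (no network).
SAMPLE = {"http://short.example/abc": (301, "http://tracker.example/r?id=1"),
          "http://tracker.example/r?id=1": (302, "/landing"),
          "http://tracker.example/landing": (200, None)}

if __name__ == "__main__":
    print(report("http://short.example/abc", fetch=SAMPLE.get))
```

Calling `report(url)` with the default `fetch` performs live HEAD requests; the final host in the result is the one to compare against what the message claimed to link to.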
3 @spam alarms
- Follow @spam for recommendations and alerts related to Twitter scams.
Don't click links in emails appearing to be from Twitter either. Always
use a client or the twitter.com website directly to confirm followers,
reply to DMs, etc.
2 password changes
- If you feel your password may have been compromised, change your password
immediately. What is less obvious is that you must also revoke access to
the Twitter API for any applications you are using and re-register them.
If the criminals who have stolen your credentials still have API access,
they can continue to impersonate you.
And avoiding those fake celebrities
- Verify the identities of people you follow where
possible. If you are following a company (like Sophos!) or a celebrity,
you can often find their real Twitter ID on their website. There are more
than 50 variants of Britney Spears, many of which are scams.