Slider by IWEBIX

Twitter Virus Gone Viral: “Is This You?” (Don’t Click on That Link!!)

I did a quick check on Twitter this morning and I saw lots of direct messages (or DM's) with the same type of wording – which always sets off phishing or virus alarms for me. I NEVER click on those links and neither should anyone else!

Phishing is defined on Wikipedia as " the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication". A computer virus is defined on Wikipedia as "A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. "

So I decided to see who else was having this issue by sending out a Tweet (without any links!) – and I received lots of replies by my followers that also received those DM's. "This You" is trending on Twitter!

Mashable posted on the topic. I did not follow any short URL's – but went to the Mashable website to find the post: http://mashable.com/2010/02/24/this-you-phishing-attack/

Here are some examples of what the Twitter direct messages look like. Remember – DON''T click on the links or else you will spread the virus to your followers!!

Twitter DM text: "haha. This you???? (PHISHING LINK)", "This you???? (PHISHING LINK)".

Clicking on the link does what Graham Cluley's post explained "If you click on the link you are taken to a fake Twitter login page, where hackers are just waiting for you to
hand over your credentials. In fact, they can automatically post the
phishing message from your account as soon as you hand over your
details
."

Unfortunately, several of my followers clicked on that link and their accounts were taken over – which is why I received the DM.

Enjoy Twitter but stay safe, never click on links unless it is from a trusted source. Think before you click on any links from followers via a reply or a direct message to you. The signs are usually there so keep an eye out: phishing and viruses attacks regularly try to sneak into our online world.

Here is a post I did on another phishing incident: "Dear Phisher: You Are A SCAT and NOT Wells Fargo" http://www.techmamas.com/main/2009/01/computer-phisher-wells-fargo-.html

Here is a link to the Anti-Phishing Working Group website: http://www.antiphishing.org/

Update 2/25:

TechMeme shared link of post from Graham Cluley's blog titled "This you???? : Phishing attack hits Twitter users".

Graham Cluley also posted with "Malware and spam rise 70% on social networks, security report reveals"

 

Dear Phisher: You Are A SCAT and NOT Wells Fargo

Hacker Phishing Internet scamHere I am – an innocent mom blogging on her netbook, waiting for her son to finish his appointment. I then decided to check my email – when what did I see? A (bad name I can’t publish) phisher sending me a lame email. This is a SCAM by the way (called Phishing). I discussed phishing already in an prior post. But here again, those (bad name I can’t publish) phishers are sending out an email trying to get me and many other “innocents” to give away private financial information on a FAKE website.  So if anyone gets an email like this  DON’T RESPOND! Delete it or put it into your “spam” email folder.

—– Forwarded Message —-
From: WellsFargo Online Banking <reviews.alert@wellsfargo.com>
To: email address (how dare they use my email for that..)
Sent: Tuesday, January 27, 2009 2:28:39 PM
Subject: Important Update From WellsFargo Online Banking
As a valued Wellsfargo Bank Customer,
the security of your
identity and personal account information is extremely important.
We are installing enhanced online security as an additional way
of protecting your Wellsfargo access.

Click logon to confirm your identity.


LOGON

(note from TechMama – DON’T LOGON!!!) THE LOGON IS FAKE $#&!@ “PHISHING URL” , THE SIGNON  REALLY GOES TO:

‘http://scatdealer.com/avatars/.w/online.wellsfargo.com.signon/

So just looking at the URL shows that the email is a phisher – scatdealer.com is not Wells Fargo.com… Infact, anything that starts with “scat” is probably not a website you want to go to. By just running my pointer over the word “logon” I saw the URL without clicking…

Here is the last line of the email:

FAILURE TO CONFIRM LEAVES YOUR ACCOUNT VULNERABLE !

(note from TechMama – You are vulnerable if you log on and fall for the scam..)

 

Attack of the Computer Phishers and Zombie Hordes

Security
Have you ever received an "email" from a "bank" or "credit card company" requesting personal information? I delete any email from any bank or credit card company right away without reading them, but some people may not know to do that. I mean, come on, what institution in their right mind would send an email requesting personal information anyway? I called my financial institutions and they confirmed that they NEVER send emails requesting personal information. If you receive that type of email and still think it is for real, I say give the institution a call (the number you have on your records).

Criminals use something called "Phishing" to obtain personal information from unsuspecting people. The Anti-Phishing working group is committed to "wiping out Internet scams and frauds".  Here is their definition of Phishing:

"What is Phishing and Pharming? Phishing attacks use both social engineering and technical subterfuge to steal consumers'
  personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as      credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning."

The site also has information on how to avoid phishing scams.  The phishers set up mirror websites of those used by consumers as a way to falsely collect personal information. I looked on one of the phishing emails I recieved and although it was suppposed to be a popular bank, the URL was something I did not recognize (hint, hint). 

Amazon.com has a section in their help area with information on identifying phishing and spoofed emails. PayPal also has a Phishing Guide. The Federal Trade Commission has a section on Web Scams (and a warning about false emails). Banks like Wells Fargo also have sections on how to protect yourself against online security fraud and info on fraudulent emails and websites. Here is an example of a fraudulent email from the Wells Fargo Website:

"Subject:  Notification for Customer of e-mail address change

E-MAIL CHANGE NOTIFICATION

Dear Customer!Thank
you for banking online at wellsfargo.com. Our records indicate that you
recently added or made a change to one of your email address(es). This
notification is to confirm that you initiated this change. If you feel you have received this email in error and did not add or change your email address(es), please click here.Sincerely,

Online Banking Team"

Just in case you were wondering, DO NOT CLICK THERE! Or as the FTC says: *Don’t open the attachment. * Delete the e-mail. * Empty the deleted items folder.

I saw on Yahoo Tech a post that also identified another Internet security risk: innocent computers being hijacked to use for sending out spamBBC News reported that "the FBI is contacting more than one million PC owners who have had their computers hijacked by cyber criminals". The hijacked home computers are called "Zombies".  Another post from Yahoo Tech also discusses the ways to beat spyware (Step 1 and Step 2). All I say is that it is very important to have anti-virus and anti-spyware modules running active on your computer. Symantec has a full suite of products, McAfee and software called BitDefender (which is reasonably priced).

I am interested in what other people have used to protect themselves against computer viruses and spyware? Any other lessons learned?