
Are You a Tweeter — or a Sitting Duck?

Old cons find fertile new ground on the popular social network

Twitter's blue bird mascot is certainly no fly-by-night: Recently, the social networking website announced it had 100 million active users, half of whom "tweet" on a daily basis, sending about 1 billion of these short messages in a typical week.

Problem is, some of the messages are from scammers. In a recent report, cyber-security watchdog Barracuda Labs estimated that one of every 100 tweets is "malicious" and that fewer than half of Twitter accounts represent true users sending out tweets to followers (people who have signed up to see their tweets). The rest of the accounts are inactive or set up just to automatically send out spam.


As always, scammers are after your personal information and your money. But on Twitter they tailor the tactics to the community.

For instance, many people in the social network want to know how many other people look at their accounts. Enter the visitor-count scam. On Twitter's direct message feature, you get a missive that promises a tally. Take the bait, and you'll wind up on a page that displays a random fake visitor number. You'll also be invited to take a survey that requests your cellphone number. Provide it and you'll soon get multiple pay texts, each costing you several dollars.

Another scheme promises to increase the number of your followers. It comes as a message or a tweet — "I will follow back if you follow me" — and also requests your user name and password before taking you to a page that says you'll have to enroll in a paying membership to get the added eyeballs.

For those who worry about their online reputations, there's a ruse that starts with these words sent via Twitter's direct message feature: "I saw a real bad blog about you. You seen this?" There's a link to click on, supposedly to take you to the blog, but instead you're delivered to a form that asks for your Twitter user name and password. It's an apparent attempt to hijack your account (which has already happened to President Obama, Fox News and several celebrities).

Tweets are short — they can be no longer than 140 characters. But there's still plenty of room to trick users into downloading malware to their computers. All that's needed is something like: "watch this video, it's sooo good," with an accompanying link. This can sound especially attractive when sent by an impostor celebrity or phony follower.

Cyber-watchdogs have noticed an increase in Twitter spam that just tries to sell you something, especially discount pharmaceuticals that are often counterfeit. Bogus work-at-home schemes, government grants and other ruses are also popular.

All signs are that spammers are turning to Twitter as they wind down their use of the traditional conduit of these missives, ordinary email. In the past year, email spam dropped a whopping 82 percent, according to Symantec, which makes Norton antivirus software.

So, to tweet with fewer cons and more confidence, take the following six precautions:

  • Don't open any dubious direct messages. This includes anything that asks a question, starts with "hey" or a similar generic term, or otherwise seems strange to you.
  • Treat links as suspicious. If in doubt about a link, don't click on it.
  • Never log on to any page with your Twitter account information unless it has a Twitter log-on security technology known as OAuth or directly notes it's from
  • Change your Twitter password every few months — and immediately if you suspect your account has been hacked.
  • Check a new follower's stream of tweets. Suspect a scammer if you notice carbon-copy postings or the same links sent en masse to others. Beware when a stranger replies to one of your tweets with a link.
  • Pay attention to hashtag piggybacking. A hashtag is a word with the pound symbol before it — such as #caliwildfire — created by users to call attention to particular trends or events. But scammers may use the hashtag of the moment to look legitimate and entice users into clicking on malicious links.

Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.