How Twitter Wolfes Look for Easy Prey

The majority of Twitter users don't mind sharing their tweets (i.e. their Twitter updates) with the rest of the world. After all, sharing ones thoughts/actions is at the core of social networks like Twitter, Facebook, MySpace.

However, what users often don't realize is that in aggregate, their tweets paint a picture about who they really are. Take for example those who tweet about hating their jobs. Using the search feature in Twitter, it is possible to gather scores of users who have recently tweeted on their negative feelings about work. This information is useful in the hands of someone looking to make contact with an insider, usually for nefarious purposes.

Another aspect of one's public twitter stream is whether (or in some cases how often) someone has fallen for a scam on Twitter, be it a phishing scam that they simply re-tweeted or a click-jacking attack that suddenly floods one's followers with tens or hundreds of dangerous tweets. Let's explore this item a little further.

Recently, several users fell prey to a scam promising to increase their number of followers. When they clicked on the link promising "tons of followers," users were asked for their username/password. This allowed the scammers to then use that account to spread their message onto more people.

The real danger behind such lapses in judgment, giving another site your (Twitter) credentials, comes from what it says about the victim. By monitoring patterns of behavior, attackers can zoom in on easy prey who appear to engage in a pattern of risky behavior by clicking dangerous links or providing sensitive information. Worse, if that person is one of your employees, attackers are likely to be able to extract username/passwords from the unsuspecting user again. How confident are you that one's Twitter password isn't also their password for work email, bank account info, etc?

No comments: