Education ∪ Math ∪ Technology

Profile of a phishing attempt

Phishing attempt

(Click the photo to view it larger.)

 

Last night, I got another one of the many direct messages I receive each day via Twitter telling me that someone has written something horrible about me. Since I was using my older computer, and I have Ubuntu installed on it, I decided to click on the link provided in the direct message, deciding that the risk of accidentally downloading a virus was minimal.

The page took a while to load, almost 3 or 4 seconds, and then this page showed up. I was a bit surprised for a second, and thought, hrmm why am I back at Twitter, and why am I not logged in? I reached for the keyboard and was about to type in my password, when I stopped myself and thought, "I should check the URL first." I’m glad I did.

If you look closely, you’ll notice that the URL for this site is not quite right. The word Twitter has an extra i and v in it that shouldn’t be there.

I realized that this was a very clever phishing attempt, and that I had almost fallen for it, even though I knew in advance that the link was very likely to lead to trouble.

My recommendation is to be very suspicious of links you receive via social media and email. If the link seems out of context, or you aren’t expecting someone to be sending you a link, don’t click on it. If you do click on it, DO NOT enter your password or other information on the site. Instead, navigate by yourself to the appropriate website, and enter your login information there.

Please share this information with others so that we can curb the link baiting and phishing going on now through Twitter, email, and other similar services.

More examples:

Another phishing attempt

 

Facebook app phishing

 

Update: If you happen to get caught by one of these phishing attacks, don’t panic. You just need to change your Twitter password. If you cannot access your Twitter account, you should still be able to request a new password be sent to your email here.