Tvvitter scam – How to protect yourself!


How the scam works

As the popularity of Twitter is growing at a staggering pace, it was inevitable that malicious activity would start to appear on the service. Graham Cluley from Sophos.com found a very nasty example of how scammers will try to steal your Twitter account.

As said, the aim is to steal your account and gain access to your personal details. In order to do this, a message is sent to you that says something like “check this out” with a TinyURL following it. You don’t know where that link leads unless, like Graham, you have a plug-in that lets you mouse over it and find out. In this case the link is to tvvitter.com. Read that closely: there is no “w”; instead there are two “v” characters.

Clicking the TinyURL takes you to a fake Twitter site which looks just like the real one. Logging in, however, will result in your account being compromised and used for the hacker’s gain. So don’t follow any TinyURL unless you are confident of where it leads, and always double check the URL of the web page you think you are entering information on.

(Video: A live Twitter phishing attack, from Sophos Labs on Vimeo.)

Read more at Graham Cluley’s blog

So what to do?

While shortening a URL is useful, short URL services like TinyURL have long been used for cloaking links to spam and malware that could harm your system.

Here are 4 easy ways to decode that short URL and make sense of it.

1. How to automatically redirect a TinyURL to a preview page

TinyURL, perhaps the most famous of all URL shorteners, has a built-in feature you can turn on which sets a cookie in your browser telling it to automatically redirect you to a preview page that reveals the true destination of any TinyURL link you click on. Note that while this is useful, if you use multiple browsers, or for some reason remove your cookies, there’s still a chance you may accidentally click on something bad.

2. How to magically turn TinyURL links to original links on any webpage

Embiggen is a handy bookmarklet which you can drag and drop onto your browser toolbar. Any time you see a page with a TinyURL link, all you need to do is click the bookmarklet and it will transform the TinyURL link into the real link right there on the page.

3. How to check short URLs from TinyURL as well as other URL Shorteners

LongURL is a free service which decodes URLs shortened by tinyurl.com, is.gd, ping.fm, ur1.ca, bit.ly, snipurl.com, tweetburner.com, metamark.net, url.ie, x.se, 6url.com, yep.it, piurl.com, and more! If you like it, it’s also available as a Firefox extension named LongURL Mobile Expander, and as a Greasemonkey script.

4. How to get a visual check on a TinyURL

While the other services above simply give you the source URL behind a TinyURL, PrevURL takes it one step further by combining the functionality of LongURL with a thumbnail of the source page. Not only do you get to see the link, you now know what the page looks like before you click on it.
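The two checks this post boils down to, as an added example (not code from the post or from any of the services above): flag a shortened link as "expand before trusting", and catch a look-alike hostname such as tvvitter.com by folding confusable letter sequences ("vv" for "w") before comparing against a trusted name. The shortener list, trusted list and confusable table are constructed samples, and the TinyURL preview rewrite assumes the preview.tinyurl.com/<alias> form.

```python
from typing import Optional
from urllib.parse import urlparse
# Constructed sample data: shorteners named in the post, and the site whose
# login page the tvvitter phish imitates.
SHORTENERS = {"tinyurl.com", "is.gd", "bit.ly", "ping.fm", "snipurl.com", "url.ie"}
TRUSTED = {"twitter.com"}
# Letter sequences that pass for another letter at a glance; "vv" -> "w" is
# the tvvitter trick. Constructed sample, extend as needed.
CONFUSABLES = {"vv": "w", "rn": "m", "cl": "d", "0": "o", "1": "l", "3": "e"}

def strip_www(host: str) -> str:
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def fold_confusables(host: str) -> str:
    """Rewrite look-alike sequences (tvvitter.com -> twitter.com)."""
    for seq, real in CONFUSABLES.items():
        host = host.replace(seq, real)
    return host

def _is_trusted(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED)

def classify_host(host: str) -> str:
    """'trusted', 'lookalike' (matches only after folding) or 'unknown'."""
    raw = strip_www(host)
    if _is_trusted(raw):
        return "trusted"
    if _is_trusted(fold_confusables(raw)):
        return "lookalike"
    return "unknown"

def analyze_link(url: str) -> str:
    """Verdict for a link seen in a message; 'shortened' means expand it
    (e.g. via a preview service) before deciding whether to trust it."""
    if "://" not in url:  # bare "tinyurl.com/abc" as pasted into a tweet
        url = "http://" + url
    host = urlparse(url).hostname or ""
    if strip_www(host) in SHORTENERS:
        return "shortened"
    return classify_host(host)

def tinyurl_preview(url: str) -> Optional[str]:
    """Rewrite a tinyurl.com link to its preview form, which shows the
    destination instead of redirecting (assumes preview.tinyurl.com/<alias>)."""
    p = urlparse(url if "://" in url else "http://" + url)
    if strip_www(p.hostname or "") != "tinyurl.com" or not p.path.strip("/"):
        return None
    return "https://preview.tinyurl.com" + p.path
```

A "lookalike" verdict is the one worth surfacing loudly: the link itself is not shortened, so none of the expanders above would help, and only the host comparison catches it.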

In the end, the Tvvitter scam shown by Graham Cluley is a nasty example because it is so easy to overlook the fact that it isn’t the real URL. Users don’t normally double check the site they are on via the URL. If it looks like the site, they trust that it is, and Tvvitter is close enough to the real name that a quick glance could make you think it’s fine. The big giveaway that something is up is the fact that you need to log in to Twitter again, but this won’t ring alarm bells with a lot of users either.

TinyURL links are essential on a service like Twitter with limited character space, but you need to ensure that the link you are following isn’t leading you somewhere that puts your security at risk.
