Saturday, April 3, 2010

Phishers are Here on Twitter

As always, I will start this note reminding you that while I work for Intel on security features on some future Intel chips, I don't speak for Intel on security matters and what I write about is purely my own opinions.

Perhaps it is irony. Maybe it is karma. However, after retweeting that Twitter links were safer than Google, I got a tweet with a phishing link from a user called @FasterComputerZ.

It looked innocent enough. It came as an @ message from someone who looked like one of the many security people who follow me and whom I follow. Sure, it was a new follower, but I get new followers every week. It also looked a little bit selling-oriented, but that isn't completely suspicious by itself either. This wouldn't be the first person that was trying to make money and hoped to connect with Twitter to aid that.

It did include a link to a web page. Since my link expander didn't show any problems, I foolishly followed it. When I got there, I saw ads for anti-spyware programs I had never heard of before. More importantly, some of them had subtle grammatical errors. This increased my suspicions.

Therefore, I asked my good friend @teksquisite to look into the site. Sadly, it turned out to be a phishing site. Of course, I had already visited the site. I've since run scans on my computer and they've found and fixed some problems. Now, they may have come from elsewhere, but given that the site contained phishing scams, it is suspect.

Could I have been more suspicious in the first place? Yes. However, not everyone has access to the security resources that I have. So, unless you want to live like a hermit and never click another link, you need to realize that someday you will probably visit an infected site.

Keeping your anti-virus and anti-spyware up-to-date should help protect you.

Being extra cautious when things seem suspect will also help. In particular, your security programs probably have more extensive scans that you can run, like mine did. If you think you may have visited an infected site, run those extra scans.

Also, while you aren't sure things are ok, don't expose yourself (and others) to more risk. Don't visit web sites from your suspect computer. If you think you got the infection via Twitter, Facebook, MySpace, or some other social media site, go to another computer, if you can, and change the relevant password(s). If you can't get to a computer that you know is uninfected, wait until you have disinfected your computer before changing the passwords.

Finally, if you want to be particularly cautious, you might choose to segregate your life into different compartments. Keep one computer for doing important and private things like banking. Use a different computer for social media and web surfing. That way, if your surfing computer gets infected, your banking and private information is not at risk. I sleep better at night knowing that my banking information is not on this computer where I twitter.

Another form of segregation you can do is to use different strong passwords (that aren't related) for the various things you access. That way, if somehow one of your passwords gets stolen, it doesn't make guessing your other passwords easier.