Thursday, November 5, 2009

How I Was Caught Phishing

What is Phishing?
It's when you get an email appearing to be from someone you know (or an organization you are a part of), but it's not. It's from bad people. The email offers a click-through (link) for you to click on and log into your account. When you click on the link, the webpage that opens mirrors the website of your actual organization/friend/associate, but it is not the real one.

I was caught Phishing through my social network, Twitter.
In Twitter, you can direct message people. My direct messages from Twitter get forwarded to my email account. So, what happened was I "clicked-through" the link in the message from my email account and logged into Twitter, thereby providing the bad people with my login/password info to my Twitter account.

What happened next?
The bad people started using my Twitter account to spam my Followers with Direct Messages from me. And since I'm a trusted source (friend/associate), some of my Followers may have fallen into the same trap I did.

How to Protect Yourself?
When a message that did not start out as an email (a Direct Message from Twitter, Facebook, etc.) is forwarded to your email account: DO NOT CLICK THROUGH FROM THE EMAIL. Log in to your account from your bookmark for that website and deal with the messages directly in the website. That way, the spammers can't get your login/password information.
