Don't Click that Twitter Direct Message Link

By Peter Bernstein August 31, 2012

Please consider the following as a public service message. I have my fingers crossed that the third time is the charm. What I am referring to is the fact for the third time in the last twenty-four hours I have had to change my Twitter password and revoke various settings in order to stop the havoc caused by malware. 

If you are getting messages like “what are you doing in this video?” with a link that you are asked to click, or some variant on “look who is saying harmful things about you,” again followed by a link, do not click the link. You are toast if you do.

In other words, clicker beware of something like the below.



If you click every one of your followers is going to get one of these messages from you, and thanks to the bad guys you will be flooded back in kind. 

Twitter’s fix is to do as I did as stated above, i.e., reset your password and revoke the privileges of any app that links to Twitter, which can be done in the APPS part of your settings.

The culprit according the experts is called the Blackhole Expoit Kit. Something everyone says is a nasty piece of business that is a root kit with legs to exploit easy targets like Twitter, Facebook, Google+ etc. What I can report is that I ran anti-malware and anti-virus software designed to “root out” the Blackhole and came up empty. 

My suspicion is the original bad boy has been perfected. Not only did I have the aforementioned nightmare but in attempting to change my password I was taken to a page that spoofed the Twitter change your password capabilities and thereby exacerbated the problem by giving the malware my current Twitter password along with a few other favorites when that did not work. Let’s just say for cautions I have changes all of my passwords on things I regularly use.

I also fear that this is a time bomb waiting to go off again since this is not the first time I have experienced the problem.   My issue is that my @berniebernstein Twitter account is one I use solely for business. The good news is I have lots of followers. The bad news is they are not happy campers. In fact, the reason I have my toes crossed as well as my fingers is that I do not wish to change my name as well as my password because it would mean spending time replicating everything in the account. Yikes!

I have contacted Twitter @support to see what they can do for me. I did get a helpful note from them at 2:00AM yesterday morning that my account was in trouble and I needed a password reset and was directed to the appropriate page to do so. 

The bottom line is: don’t click what you don’t like, even if it is from somebody you do. I will keep you posted on what the support folks at Twitter recommend.




Edited by Rachel Ramsey
SHARE THIS ARTICLE
Related Articles

How Do the Year's Threat Predictions Match Reality?

By: Special Guest    8/24/2016

Last year, Fortinet's FortiGuard Labs global threat research team made a series of predictions about cyber threats in 2016. We are now halfway through…

Read More

Automakers Invest in Wearable Tech Pilot Programs

By: Lindsey Patterson    8/24/2016

The advent of wearable technology has recently generated a number of creative products. Consumers check for email messages using "smart" watches and i…

Read More

AI's Major Role in EU's New Data Privacy Regulations

By: Special Guest    8/23/2016

Earlier this year, the European Union passed the General Data Protection Regulation - landmark legislation addressing data protection and privacy conc…

Read More

Broadband Delivered by Fiber Proves Better than Alternatives

By: Doug Mohney    8/23/2016

We're a couple years out on an unprecedented boom in broadband, with new wireless schemes, 5G, high-flying drones and constellations of satellites cov…

Read More

BYOD Could Mean Bring Your Own Disaster

By: Special Guest    8/22/2016

As adoption of wearables becomes more mainstream in the Middle East, it brings added complexity to BYOD in an enterprise. One of the more interesting …

Read More