Latest Twitter Attacks to the Fore
It's security awareness month, so it's important that the cybersecurity report provides reminders and tips on how to keep computer systems secure. With that being said, I'm reminded that one of the more popular ways people use computers today is to check in via social media. You'll find me frequently writing about social media, not only because I use it often, but because many of the attacks are relatively new and obscure. For example, SANS has found two new types of attacks to be coming of age via Twitter. One is when an attacker responds with a fake retweet. These retweets claim to be a legitimate link, but are no more than a link to spam or reverse malware. Attackers take a similar approach when it comes simply to replying to a tweet. They'll often post a link that only leads to places your computer can be attacked.
For some of my readers, it's possible the notions of tweeting and retweeting are foreign. So allow me to explain. Twitter is a social media site that is very similar to Facebook's "status update" philosophy. That is, individuals login, and are given access to a community of folks they can communicate with. In order to communicate with these folks you have to request to "follow" them. Once you "follow" these people, they often request to "follow" you. The whole concept of "following" is basically computer speak for having access to what they have to say.
When people decide to write something on Twitter (also called a tweet) they have no more than a handful of characters to tell their social media circles (followers) what it is they want to write about. It's very informal. The entire site, in fact, is quite informal. It's not uncommon for us to regularly accept people we do not know into our social media circle, making it somewhat of a breeding ground for rogue attackers, working under the guise of legitimate purposes, to infilitrate our friends and family. When that happens, the spammers are counting on the blind trust we put in seeing a Twitter message posted on one of our friend's page. It's hard to know what to trust and what not to trust. For those of us from an older generation, this can often make social media seem like a vexing landscape. You're uncertainty is more than acknowledged and understood by me. But a very important rule of thumb is this; don't click on links.
You won't be punished for accepting friends into your social media circle as long as you stay away from links, and avoid posting too much personal information that could be used against you. Those who exercise caution will not be rewarded, but may find they are less likely to fall prey to the aforementioned kind of attacks. Additionally, it's not uncommon for people to regularly deny "friend requests" or "following" requests from those people they do not know. Doing so will only help you protect your entire social network.