There’s a great writeup on the Bobijou phishing scam over at Purple Car.

Who Always Look Into My Profile??

This is a poorly written version of the common, “Who is checking my profile?” scam. In fact, except for the poor English in the headline, it’s identical.

Here are the attributes to look out for:

1. The image is set up like the “Who is checking my profile?” scam.
2. The app name does not match the headline and multiple friends have been tagged at random.
3. The “Try it, really works!” comment is present. Again.
4. The album poster is not the person who owns the profile it appears on.

TIP: If you see that you’ve been tagged in a photo, before clicking, see if it’s a friend of yours. If not, do not click. Ignore. If it is a friend, click through only to see the image. If it’s not a photo of you, leave the page or report it. It’s likely this scam, or one similar.

Last week Twitter announced that they had installed a service that will inspect some of the URLs that are submitted through its systems.  The issue they’re trying to solve is primarily in shortened URLs which hide the destination address.  It’s been used by bad guys to hide malicious destinations.  Dave mentioned this technique a couple weeks ago and gave some great tips on how to avoid the being a victim.  Maybe the Twitter security crew was listening?

In the announcement, Twitter mentions that they’ll focus on direct messages and email notifications about direct messages.  I applaud the effort and hope it’s effective.  I wanted to point this out and give Twitter props for working on the problem.  We’ll have to see how effective it is but it’s great to see an attempt toward progress.

Hopefully we’ll see more news like this from other social media providers.

Looks as though a third party app was hit for a phishing scam that has allowed the perps to appear to take over hundreds of Twitter accounts. According to Mashable, since all of the spammed tweets mention coming from the API, the accounts themselves are probably still OK. It’s the app they’ve allowed access to that’s been compromised.

TIP: Always think twice before giving an app access to your account. Do your friends use it? Have they had problems? When in doubt, Google the app. See if it’s legitimate before you click allow.

1. You can remove passwords from edit-restricted PDFs. This article shows you how to defeat the PDF DRM.
2. How to edit your video online for free or cheap
3. The Automation Labs Facebook security scare. Yet another chain message tripping out folks on Facebook.
4. How to avoid YouTube scams
5. Spear Phishers target military