Posts Tagged ‘Phishing’

Scam Spotting, No. 5: Who Always Look Into My Profile??

Facebook scam: “Who Always Look Into My Profile??”

This is a poorly written version of the common “Who is checking my profile?” scam. In fact, except for the poor English in the headline, it’s identical.

Here are the attributes to look out for:

  1. The image is set up like the “Who is checking my profile?” scam.
  2. The app name does not match the headline and multiple friends have been tagged at random.
  3. The “Try it, really works!” comment is present. Again.
  4. The album poster is not the person who owns the profile it appears on.

TIP: If you see that you’ve been tagged in a photo, check whether the person who posted it is a friend of yours before clicking. If not, do not click. Ignore it. If it is a friend, click through only to see the image. If it’s not a photo of you, leave the page or report it. It’s likely this scam, or one similar.

Twitter goes after phishing and malware

Last week Twitter announced that they had installed a service that will inspect some of the URLs that are submitted through its systems. The issue they’re trying to solve is primarily with shortened URLs, which hide the destination address. Bad guys have used this to hide malicious destinations. Dave mentioned this technique a couple weeks ago and gave some great tips on how to avoid being a victim. Maybe the Twitter security crew was listening?

In the announcement, Twitter mentions that they’ll focus on direct messages and email notifications about direct messages.  I applaud the effort and hope it’s effective.  I wanted to point this out and give Twitter props for working on the problem.  We’ll have to see how effective it is but it’s great to see an attempt toward progress.

Hopefully we’ll see more news like this from other social media providers.

Hundreds of Twitter accounts sending out spam

Looks as though a third-party app was hit by a phishing scam that has allowed the perps to appear to take over hundreds of Twitter accounts. According to Mashable, since all of the spammed tweets mention coming from the API, the accounts themselves are probably still OK. It’s the app they’ve allowed access to that’s been compromised.

TIP: Always think twice before giving an app access to your account. Do your friends use it? Have they had problems? When in doubt, Google the app. See if it’s legitimate before you click allow.

Hints, Hacks and Helps

  1. You can remove passwords from edit-restricted PDFs. This article shows you how to defeat the PDF DRM.
  2. How to edit your video online for free or cheap
  3. The Automation Labs Facebook security scare. Yet another chain message tripping out folks on Facebook.
  4. How to avoid YouTube scams
  5. Spear Phishers target military

A new phishing scam on Twitter?

From Mashable today:

“A Twitter phishing attack is spreading rapidly today, attempting to obtain Twitter logins via Direct Messages. If you receive a message reading “lol, is this you”, and linking to a site called “bzpharma”, do not click the link.”

Phishing scams are on the rise and Twitter and Facebook will likely bear the brunt of them. Please, always check the links first. There are a few ways to do this:

  1. Always let your mouse hover over the link before clicking it. This way, you can see where the link is going before you click on it. If it’s a pharmaceutical site, and you’re not in the healthcare profession, it’s probably a scam.
  2. On the Firefox and Chrome browsers, you can install a handy plugin called Bit.ly Preview. This plugin shows the full URL of shortened links on Twitter. While not all links are shortened using Bit.ly, most are, and Bit.ly is the default URL shortener of Twitter.

Have you encountered any phishing scams on Twitter or Facebook? How did you resolve them?
