Email and Twitter Phishing – Computer Security Expert Offers Protection Tips

We hear the word “phishing” quite often nowadays. If you’ve never heard the term, chances are you or someone you know has encountered it in some form. Phishing is a computer security term that refers to the act of posing as an organization or company that is, in most cases, well known and trusted. Typically, there will be some type of request for personal information of some sort from the phony company. For instance, there may be a form you are required to fill out that asks for information such as your name and address. Likewise, you may be required to simply fill in a user name and password.

The most popular form of phishing would probably be email phishing. Several years ago, millions of people began receiving emails from what were believed to be well known companies such as eBay and PayPal. Phishing emails were also sent from scammers posing as other reputable companies such as popular gaming sites, banks, and stock trading companies.

However, the emails are not actually coming from the companies and organizations that they appear to be from. The email messages claim such things as ‘your account has been suspended’, or ‘your account information needs to be updated’. A common theme amongst phishing emails is their sense of urgency. The subject or message typically implies or warns that you must act quickly.

Unknowingly, many individuals complete these forms and have their information taken by the scammers and subsequently used for fraudulent and malicious purposes. Credit card information is routinely obtained as well as user names and passwords for various accounts to online websites. Unfortunately, these types of emails still exist and are received by thousands if not millions of people every day.

The most recent type of phishing scam that has caught people’s attention is Twitter phishing. One such case happened about a year ago when a CNN anchor had his Twitter account breached and someone began leaving messages with his account. Many other individuals, including celebrities, have had their accounts violated.

Twitter phishing is once again surfacing and at an amazing rate. Individuals have been receiving private messages which contain links. Notably, a message with the caption “This you?” has been circling the Twitter network and unknowing individuals are being tricked in to clicking on the link in the message. Ultimately, it leads you to a webpage that resembles a Twitter webpage. On this page, you are prompted to enter your user name and password. These malicious Tweets allow the perpetrator to gain access to your Twitter account. The Twitter social network is an easy target for scammers because it’s very easy to reach a large number of targets at once while remaining anonymous.

Ryan Purita, forensic examiner and security specialist for Sherlock Forensics states “there are several identifiable traits that can help you to spot phishing scams.” Mr. Purita lists several red flags that we can look out for to help protect ourselves from scammers. “Some subtle things to look out for would be the grammar and spelling of the messages and whether or not the message is personalized or generic.” In many cases, emails and messages are addressed to ‘member’, ‘sir’, or simply ‘hello’. This is because the messages are typically sent to thousands of individuals at one time and the person sending it generally doesn’t know the names of all the individuals they are sending the message to.

Mr. Purita further claims that, “another sign that a webpage might be malicious is that the URL does not match.” You should be able to look at the URL in your search bar to determine whether it’s a phony website. For instance, if you believe you are entering information into an eBay or PayPal webpage, the titles eBay or PayPal should be directly left of the top level domain. That is, whatever name appears before the last dot or period in the domain. A malicious site may read something like ‘’ as opposed to ‘’. Mr. Purita cautions, “never click on a link in an email or message. Rather, you should type the address of the website in to your browser.” Otherwise, you can simply type the domain in to your web browser.

In general, phishing and other scams will continue to wreak havoc on the internet for probably as long as the internet exists. Surely scammers will develop new techniques to trick individuals but, if we are careful and aware, we can learn to spot the signs and protect ourselves.
0 Responses