The Twitter "crimewave" reached a preliminary peak in October 2009, according to Barracuda Networks, which estimated that 12% of accounts created were eventually suspended as either malicious, suspicious or otherwise misused. In 2008, the equivalent "Twitter crime rate" averaged around 2%.
Last week, sensibly, Twitter launched a new automatic link screening service aimed at preventing phishing and other malicious attacks.
It also has advice for users on how to stay safe on Twitter:
- Use a strong password.
- Watch out for suspicious links.
- Make sure you're at the real Twitter login page before entering data.
Twitter is also increasingly deleting misused accounts, a spokesperson of Barracuda Network says. "We fight phishing scams by detecting affected accounts and resetting passwords," said Biz Stone, co-founder of Twitter in a post. However, numerous accounts were used for malicious purposes such as poisoning trending topic threads with malicious URLs.
According to the report of Barracuda Network, Twitter experienced a number of attacks in 2009 including the following:
- January: Increase in Phishing Attacks on Twitter
- April: StalkDaily/Mikeyy worm
- June: Guy Kawasaki Account Offers Leighton Meester sex tape
- July: Koobface Increase in Twitter Activity
- July: Fake Retweets Spam
- August: Profile Image Spam
- August: Distributed Denial of Service Attacks
- September: Spam Increase including 'Google is hiring'
- September: Direct Message Worm
- December: DNS records compromised and Web site defaced by "Iranian Cyber Army"
As reported recently, thousands of Twitter users were victims of a severe phishing attack where users found a direct message from someone they followed saying "LOL that you--", or just "This you --" including a link to a fake Twitter login page, which URL contained already the users Twitter name.
If the user entered his or her credentials on that page, the phishers could sign in and trick more people. Twitter blogged about that phishing scam, and explained to its users how to detect and avoid an attack.
"As social networking, and specifically Twitter, becomes more ingrained in everyday business, it is crucial to understand the nature of attacks happening on these sites, as well as how users and networks can be compromised." says Dr Paul Judge, chief research officer at Barracuda Networks.