TinyURL – A Huge Opportunity for Cybercrime (How not to get hit… Like I did)
Wednesday, October 14th, 2009 at 11:34 pm by Tracy Mooney
It’s true. I, Tracy Mooney, was just the subject of a social engineering scheme. It’s going around like the flu! I’m curious if anyone else has been hit.
Ever clicked on a TinyURL? Well, I did, and as a result, it sent me to a fake site and then spammed all of my followers on Twitter. You’d think that as a Cybermom I’d be fool-proof. But the truth is these guys are clever. They’re relentless. The cyberscammers disguised their message in a TinyURL that was automatically forwarded to me from a fellow tweep, who was also hit. If your friend sent you a message with a TinyURL, would you click on it? Most of us would – and that’s why cyberhackers do scams like that. Fortunately, my bank details weren’t compromised and a scan of my computer with the Virus Removal Service shows that I don’t have any malicious software on my computer.
But here is the lesson, folks. Cybercriminals go after everyone, and everyone needs to be on scam high alert. If this can happen to me, a person who writes about this stuff weekly, it can happen to anyone. As I have always done in the past, I am putting my experience out for all to learn. Here is what to keep on the lookout for.
Cyber Mom’s Recap
The link came as a direct message on Twitter from someone I know, with a link that used TinyURL (a web address shortening service). When I clicked on the link, I was brought to what looked like Twitter. After that the SPAMMERS took over my account and started sending out direct messages to all of my followers (and then some!) with a link that brought all who clicked to this site.

McAfee Labs searched the site and found no malicious code embedded in it. It looks like a straightforward phishing scheme just looking to get your contact information. (You should NEVER give your address to a site like this – I am still getting snail mail from the one time I gave my address with the name “Penelope Retch” during the SPAM Experiment in April of 2008! Makes me feel guilty for all the trees…)
Cyber Mom Lessons of the Day
1. Always be careful of shortened URLs – if you can’t see the site, don’t click on the link. Even if you know the person who sent it.
2. Never type in your password when you have clicked on a link to get to a site. Instead, type in the address of the site and then log on, to make sure you’re in the right place.
3. If you even *think* you may have been phished or that you may have given away your password – change it immediately.
4. Consider using an application like Power Twitter in Mozilla Firefox or something similar that un-shortens shortened links in Twitter – Power Twitter shows you a thumbnail of the page so you know where the link leads.
5. And if you’re worried, go to McAfee’s Cybercrime Response Unit to see how much danger you may be in.
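Lessons 1 and 4 can also be done by hand. The sketch below is an added example, not part of the original post: it expands a shortened link one redirect at a time using HEAD requests (so the destination page is never rendered) and then checks whether the final host really belongs to the site it imitates. The `tinyurl.example` link, the look-alike host and the hop limit are constructed assumptions.

```python
import http.client
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5  # assumption: give up after a handful of redirects

def head_location(url):
    """Send one HEAD request and return the redirect target, or None.
    The page body is never downloaded or rendered."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.hostname, parts.port, timeout=5)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def expand(url, fetch=head_location):
    """Follow redirects hop by hop; return every URL in the chain."""
    chain = [url]
    for _ in range(MAX_HOPS):
        nxt = fetch(chain[-1])
        if not nxt:
            break
        chain.append(urljoin(chain[-1], nxt))  # handles relative Location values
    return chain

def host_is(url, expected):
    """True only if the URL's host is `expected` or a subdomain of it.
    A host that merely starts with or contains the name does not count."""
    host = (urlsplit(url).hostname or "").lower()
    return host == expected or host.endswith("." + expected)

# Constructed sample data: a short link that redirects to a look-alike login page.
SAMPLE = {"http://tinyurl.example/abc123": "http://twitter.com.login.example/session"}

def demo():
    chain = expand("http://tinyurl.example/abc123", fetch=SAMPLE.get)
    return chain[-1], host_is(chain[-1], "twitter.com")

if __name__ == "__main__":
    final, genuine = demo()
    print(final, "-> twitter.com" if genuine else "-> NOT twitter.com, do not log in")
```

With the default `fetch`, `expand()` makes real network requests; the demo passes the constructed table instead so it runs offline.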
I’m curious if anyone else has fallen victim to this type of scam – let me know if so!
Safe surfing!
Tracy
cybermom@mcafee.com
Numerous shortening services now have a preview option you can set to get a look at the expanded URL. Tweetdeck also has support to expand a couple of types of URLs so you can choose to click further.
Power Twitter – awesome!
And what do you do if your Facebook profile is overtaken by spam? Do you know what filters to change, if any? How can you stop it?
Leslie,
If your Facebook or Twitter account ever gets taken over, change your password immediately. I would suggest checking to see what was done with your account, especially your outbox, and go from there. It is doubtful they would change settings in an application like Facebook, but I would check anyway. Run a virus scan to make sure there isn’t anything hanging out on your computer such as a virus or keylogger.
Thanks for the question.
Tracy