A while back, I clicked a link in a tweet from my Twitter timeline. No big deal, right? Unbeknownst to me, I had just clicked an infected link aimed at stealing my Twitter credentials. Upon clicking the link, my page reloaded and I was sent back to what appeared to be the login screen on the Twitter homepage.
Odd, why did it do that?
Suspicion had not yet crept into my mind. Determined to get back to where I was, I hit the shortcut key to pull up my password manager, 1Password Pro. After entering my master password, 1Password didn’t automatically log me into my account like it normally does.
That’s when I looked at the address bar and finally realized what was going on. The page I was on wasn’t “Twitter”. It was a spoof site intending to resemble the social network, save for one important detail: the URL. I don’t recall the exact link but I imagine it was something like “twitter.dontlookhere.com”.
Since I didn’t have my Twitter account password memorized, I didn’t manually enter my password on the page. 1Password did not fill the login form with my credentials because it did not recognize the website’s URL. I don’t know if this was by design, but all I know is that I was able to avoid getting my account compromised.
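The mechanism that saved the account here is the password manager matching the page’s origin against the origin the login was saved on, not the page’s looks. The following is an added illustration, not 1Password’s code and not from the original post: a minimal “should I offer saved credentials on this page?” check, with the naive substring check a spoof site relies on beside it. The vault entries and page URLs are constructed for the example; the “twitter.dontlookhere.com” host is the one guessed at in the post.

```javascript
// Added example (not 1Password's code): origin matching before autofill.
// A saved login is offered only when the current page uses https and its host
// is the saved host or a subdomain of it. The naive check beside it asks only
// whether the saved host appears anywhere in the URL text, which a spoof defeats.

// Constructed sample vault: one saved login, captured on https://twitter.com.
const VAULT = [
  { site: "https://twitter.com", username: "alice" },
];

// Parse a page URL; anything the URL parser rejects gets no credentials at all.
function parsePage(url) {
  try {
    return new URL(url);
  } catch {
    return null;
  }
}

// Strict host rule: exact match, or the page host ends in "." + saved host.
// "twitter.com.dontlookhere.com" fails because it does not end in ".twitter.com".
function hostMatches(savedHost, pageHost) {
  return pageHost === savedHost || pageHost.endsWith("." + savedHost);
}

// Logins a careful manager would offer on pageUrl.
function loginsFor(pageUrl, vault = VAULT) {
  const page = parsePage(pageUrl);
  if (!page || page.protocol !== "https:") return []; // refuse http and junk
  const pageHost = page.hostname.toLowerCase();
  return vault.filter((entry) => {
    const savedHost = new URL(entry.site).hostname.toLowerCase();
    return hostMatches(savedHost, pageHost);
  });
}

// Naive rule: "does the URL mention the saved host somewhere?"
// Accepts the saved host as a subdomain label, in the path, or over plain http.
function naiveLoginsFor(pageUrl, vault = VAULT) {
  return vault.filter((entry) => pageUrl.includes(new URL(entry.site).hostname));
}

// Constructed pages: the real login, a legitimate subdomain, and several spoofs.
const PAGES = [
  "https://twitter.com/login",               // real site
  "https://mobile.twitter.com/login",        // legitimate subdomain
  "https://twitter.dontlookhere.com/login",  // lookalike host from the post
  "https://twitter.com.dontlookhere.com/",   // saved host used as a subdomain label
  "https://dontlookhere.com/twitter.com/",   // saved host hidden in the path
  "http://twitter.com/login",                // right host, downgraded scheme
];

for (const p of PAGES) {
  console.log(`${p}: strict=${loginsFor(p).length} naive=${naiveLoginsFor(p).length}`);
}
```

The strict rule offers the login on the first two pages only. Real password managers go further than this: they key on the registrable domain using the public suffix list, so that a login saved on one subdomain of a shared host (a site on a hosting provider’s wildcard domain, for example) is not offered to every other tenant’s subdomain; the plain “subdomain of the saved host” rule above would get that case wrong, and is a simplification for illustration.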
The interesting thing about this was that I had found the link via a tweet. Any regular Twitter user receives their fair share of spammy direct messages. It’s obvious that those links are up to no good and should be avoided. It’s the same with email: we just don’t trust those messages as much.
But what if the same message appears in your timeline? That’s when things get tricky. It’s a lot harder to discern what is legitimate and what is not. We’re conditioned to click links there because we assume spam only arrives as a direct message. All it takes is a spammer who actually took the time to write a tweet that doesn’t set off the spam alerts in our heads (i.e. poor grammar, nonsense, advertisement).