Do Twitter Phishing Scams Herald the End of Microblogs?

An anonymous reader writes "Twitter's been hit by a big phishing scam. Culture Crash blogger Dan Tynan says this is the end of Twitter's innocence. Will tweets become like email, with two out of every three just worthless spam?"

Re:No, end of services

[Rinisari]

Domain phishing like the access-urls thing in the article picture could be best fixed by ssl logins...

Re:That would imply that non spam tweets were usef

[mclearn]

Then you haven't used it to track EVENTS (that affect more than one person) of personal importance to you: the first snippets of information to come out of Mumbai were via Twitter. Last night I used it to track snowfall (and traffic conditions) in Vancouver, BC. Coupled with instant upload of phone cam pictures, it was an amazingly realtime view of my personal geographic area.

Irc...Usenet...now Twitter

[GPLDAN]

This is like saying that spammers spell the death of IRC. Or spammers spell the death of Usenet. In the case of both, moderators were the answer.

In the case of Twitter, trust lists and a trust rating system would solve all the issues within a few weeks.

Also, wouldn't the phish have triggered most new browsers anti-phish code? Twitter could probably expand it's use of SSL, that would take care of several problems as well.

Large User Base and an Open Pipe

[Ohio+Calvinist]

I think we'll see spammers start to attack social networks as vastly improving spam filters make e-mail less and less viable. If a social networking site sends all "messages" on the site as e-mail or texts to the user and the user whitelists *.myspace.com or *.twitter.com (or whatever domain it sends as) all they need is to get an open pipe on that service and they've blasted both their screen, inbox and mobile.

Networks are huge blocks of users often with similar, or easily deturmined interests making the marketing more effective and development to exploit their native openness or a security flaw more profitable than spamming huge blocks of @yahoo.com addresses via e-mail only as many have good spam filters, are spam-only accounts or have gone fallow when XX69sExYbUnNiE69XXHOLLA realizes that might not be the best addy for her college admission papers or her resume.

IANAL but it would be interesting to see if using a social network as a proxy would give one any sheilding from CAN-SPAM or other state statutes since their is no protection on social networking sites, and users did opt-in to reiceve emails from the social network site.

Re:Large User Base and an Open Pipe

[RegularFry]

IANAL but it would be interesting to see if using a social network as a proxy would give one any sheilding from CAN-SPAM or other state statutes since their is no protection on social networking sites, and users did opt-in to reiceve emails from the social network site.

Here in the UK they'd probably be liable under the Computer Misuse Act for breaking the T&Cs of the social network site in question, which is arguably a bigger deal. I don't know what the US equivalent would be.

Re:That would imply that non spam tweets were usef

[Hurricane78]

That's what ICQ (or more recently Jabber/XMPP) is for! You can send one-to-many messages there too.

Maybe Twitter is the webmailer of the messenger systems. Just as stupid. Also a step in the wrong direction.
I bet this will all continue, as soon as someone writes an OS in "AJAX / Web 2.0", then a "Browser". Then "web"sites for it.... until someone comes up with an "interactive" way of writing "applications" for those "sites".

It's called "the inner platform anti-pattern". Avoid it! ;)

Dummest Phishers ever?

[Al+Al+Cool+J]

I don't get this scam at all. They use email disguised as a Twitter DM to drive people to a phishing site to steal Twitter logins, so they can do what exactly? The article says they they can then use Twitter to send messages to drive people to websites. Umm, aren't they already doing that with the email?

Twitter is a free service and holds no personal info that doesn't appear on your public profile, other than an email address. People routinely hand over their Twitter logins to third party sites so they can find out their twitter rankings and other such things.

I can understand phishing for bank and paypal logins, but this seems like a lot of effort to achieve very little.

Re:That would imply that non spam tweets were usef

[billyt007]

I suppose if you don't have any friends that like to keep up with what's going on in your life and vice versa.

That's what conversations are for. You know, real physical human interaction. Remember that?

Just so I have this straight, phone conversations are real physical human interactions? Are text messages? And how is reading another's twitter feed, and responding to, different then a phone conversation? Twitter isn't meant to replace physical meetings or hanging out with friends, it's for seeing what people are up without having to directly interfere with what they're currently doing. At least until we master the whole being everywhere at once thing. Then Twitter will become outdated.

Why worry about social networking /imposters/?

[Lord+Bitman]

Why worry about those claiming to be an existing well-known social networking site? It's already common practice for these places to, no impostering involved, ask for login details of completely unrelated sites when you sign up. That should _NOT_ be considered in any way okay, even from a site you "trust".

And then there's OpenID or whatever it's called, which basically says "make it not just disturbingly common, but recommended!" wtf?

Re:That would imply that non spam tweets were usef

[Hatta]

No, I was saying that face to face interaction is the best way to keep up with what's going on in your friends life. It makes great conversation over dinner. What's the point of asking your buddy how the kids are if you receive updates over twitter every time little Tommy burps?

Re:No, end of services

[cparker15]

They really should implement SSL logins soon. It appears as though Barack Obama's Twitter account was recently somehow affected by this: http://flickr.com/photos/cparker15/3171416978/

While I know this doesn't really mean a whole lot to many on Slashdot, I'm sure @BarackObama has a lot of followers that could have been duped by this.

Re:That would imply that non spam tweets were usef

[kmac06]

The first and only time I used Twitter was to get updates from my brother in the days (and hours) leading up to the birth of his first child. It was great, since he could just send one message and everyone in our family who wanted to follow it could.

Re:Let's hope so

[DrVomact]

The sane internet died a decade ago. We're in the death throws of the internet-of-the-corporate-hack. Likely our next stop will be the reincarnation of an AOL like atmosphere where a central application or website insulates you from the internet, and provides you with a limited array of things to do.

Holy cow, you've hit on the solution! This is exactly what's needed! Needed not by us, of course, but by normals. Consider the possibilities. As you well know, over 90% of the people who own computers are not qualified to use anything more complex than a simple calculator. Computers are very complex tools. What are normals using these tools for? Well, to write email, maybe do their online banking, post stupid pictures of their kids on some website and...what else do normals use computers for? Not counting apps like Free Cell that don't require an internet connection, I mean. The rest of the CPU cycles of these computers are used to transmit spam and various malware—they are the soldiers of the botnets.

Then there's the maintenance & support headaches. Who here doesn't have a gaggle of clueless relatives and friends who bombard them with stupid questions and pleas for help with their malware-clogged, zombified computers? And then blame you the next time something goes wrong?

Well, the solution is now within our reach: put everyone of these people on dumb terminals connected to a service like AOL that gives them very limited options so they're not confused. They just plug it in, turn it on, and the user menu—complete with cute tail-wagging puppy—comes up. Give them access to word processing or spreadsheet apps on a pay-as-you go basis. (No installation hassles!) Sure, their data is now 0wnz0red by some corporate empire, but normals don't care about this kind of stuff.

Better yet, all maintenance problems now become the service provider's problem. You can honestly say "Gee, I can't help you with that, but if you call MyIntarnet's tech support, I'm sure they'll fix it". Best of all, without an on-board hard drive, there's no problem with virus/trojan/worm propagation. Spam will finally die...well diminish, anyhow.

Of course that's for them; people who know better would still use real computers. It would be even better if they could have their own internet sorta like AOL was in the early days...but that's probably not practical.

Re:Let's hope so

This kind of thing has been tried: internet appliances that are locked down, have only have enough onboard storage for the OS and installed apps, and handle pretty much everything else through the 'cloud.' Remember WebTV?

The problem here is that most people see these things as "limited," which they are. People want the machine with all the features, whether they'll use those features or not. They're not going to cough up the dough for a restricted system when they can get the "real deal" for a couple hundred more.

Advertising has a hard time changing that. Previous internet appliances have been advertised as easier to use than normal computers, which is true. They've been advertised as virus free, which is true because of their locked-down nature. The advertising has extolled all the virtues of such a setup, but they still don't sell. Again, the reasons all come down to the illusion of capability. All people see in the net appliances is a restricted system, even though it does everything they need.