Chris Brook


Don’t use public computers

Do not use public computers to log on to
your personal accounts. No airport internet machines, no hotel business
center, nothing. I know how many times you really need to check your
email from a friend’s computer – just don’t do it. You have no idea
what’s running on that machine.

Secure your e-mail

This advice can be extended to general online activity, not just social
networks, and most importantly, not just Twitter. You should care at
least as much for the security of your e-mail account, especially if it
was used to register your Twitter or Facebook accounts. Basically, a
compromised email account opens up new ways for the bad guys to get into
your other accounts: the password reset function usually sends a link
to your email address for confirmation.

Get updated

Keep all of your applications updated – operating system, antivirus,
browser plug-ins, everything. Even if you are using the latest version of
Google Chrome, you’ll still get infected if your Windows security
updates are disabled. Security means several layers of defense, and you
can’t break any link in the chain.


Infected computers

So many times I hear people around me saying “hey, my computer is
infected, but it’s okay, I can still do my things.” You can still do
your things, but who knows who else is doing *their thing*, intercepting
your browsing sessions or logging every key that you press. That includes all of
your activity on social networks such as Twitter, leading to easy account
hijacking scenarios.

Phishing pages

Be careful what links you click on. URL shortening services like bit.ly
are doing a “great job” masking the final destination of your click. You
can unwittingly land on a server which is hosting phishing sites or
pages distributing malware. Cybercriminals have
made Twitter their favorite phishing target now, and they often will send @
messages to users that look like they contain information of interest or come
from a username that’s slightly different from someone you follow.
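
The check below is an added example, not code from the original article: it flags an @-message sender whose handle is a near-copy of an account you follow, by folding look-alike characters together and measuring edit distance. The followed handles, the character table and the function names are assumptions made for illustration.

```python
# Constructed sample data: handles this account follows (hypothetical list).
FOLLOWED = ["threatpost", "kaspersky", "example_bank"]

# Characters often swapped to imitate a handle (illustrative, not exhaustive).
# Underscores are dropped so "example_bank" and "examplebank" compare equal.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "_": None})


def skeleton(handle):
    """Lowercase the handle, strip '@', and fold look-alike characters together."""
    folded = handle.lstrip("@").lower().translate(CONFUSABLE)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(sender, followed=FOLLOWED, max_distance=1):
    """Return the followed handle that `sender` imitates, or None.

    An exact (case-insensitive) match is the genuine account, not a lookalike.
    Short handles produce more false positives at max_distance=1.
    """
    name = sender.lstrip("@").lower()
    if name in (f.lower() for f in followed):
        return None
    for real in followed:
        if edit_distance(skeleton(name), skeleton(real)) <= max_distance:
            return real
    return None


if __name__ == "__main__":
    for sender in ["@threatpost", "@threatp0st", "@kasperskyy", "@exarnple_bank"]:
        print(sender, "->", lookalike_of(sender))
```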

Phishing pages

If they cannot guess the password, cyber criminals will try to make you
give it to them, without you even realizing. Keep your eyes wide open
when you see e-mails asking you to reset your password, especially if
you have not requested it. These phishing
messages often will come to email addresses other than the one that’s
associated with your Twitter account, which is a major red flag.

Strong passwords

Here’s a nice tip instead. Think of a phrase that is most likely unique
and easy to remember, for example, “uniqueeasytorememberphrase”. You can be
sure that no dictionaries used in brute-force attacks include such a password.
Also, after using it for several days you will start typing it faster
than the blink of an eye.

Strong passwords

Do not use trivial passwords. Think of something unique, a password
which no one else would think of. Don’t necessarily add numbers
or hard-to-remember characters – “admin123” will never be *much* safer
than “admin”, and if you add strange characters, you’ll wake up one
day having a hard time remembering your password.

By Stefan Tanase

In general, a lack of user education and
strong policies regarding online security often leads to undesirable
events. Whether you manage an official Twitter account or a personal
one, you should know how Twitter accounts get hacked so you can protect
yourself.

Here are some methods:
