Twitter Deploys New Anti-Phishing Service

Twitter is launching a new service designed to prevent users from being tricked into visiting malicious Web sites after clicking on shortened URLs in direct messages or Twitter messages.

The new Twitter anti-phishing service, which launched Tuesday, essentially serves as a proxy between users and whatever sites the links are pointing them toward. When a user clicks on a shortened URL in a Twitter message, he will first be routed through the new Twitter service, which will inspect the link and prevent the user from visiting the page if it looks malicious.

In a blog post, Twitter’s director of trust and safety, Del Harvey, said that the company is deploying the service as a way to keep users safe from the increasing levels of phishing and other malicious activity on the site.

“By routing all links submitted to Twitter through this new service, we can detect, intercept, and prevent the spread of bad links across all of Twitter. Even if a bad link is already sent out in an email notification and somebody clicks on it, we’ll be able to keep that user safe. Since these attacks occur primarily on Direct Messages and email notifications about Direct Messages, this is where we have focused our initial efforts. For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and email notifications,” Harvey wrote in the blog post.

As Twitter’s popularity has continued to increase in recent months, so has the level of malicious activity. There have been a number of phishing campaigns on the service lately, many involving fake direct messages with links to malicious sites. Because Twitter has a limit of 140 characters for each message, it automatically shortens virtually all URLs posted in tweets.

The problem with this is that the shortened links obfuscate the destination page that the user will be taken to, making it virtually impossible for them to know whether a site is malicious before they visit it.

As part of the new service, Twitter will be sending some links through a new shortening service, twt.tl.
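The property Harvey describes, that a link already delivered in an email can still be stopped, follows from evaluating the link when it is clicked rather than when it is sent. The sketch below is an added illustration, not Twitter's code: the `LinkProxy` class, the `REDIRECTS` table and every `.example` host are constructed for the example, and the redirect table stands in for the HTTP redirects a real proxy would follow.

```python
from urllib.parse import urlsplit

# Constructed sample data: a redirect table standing in for the HTTP 3xx
# answers of URL shorteners, so the example runs offline.
REDIRECTS = {
    "http://short.example/a1": "http://short2.example/zz",
    "http://short2.example/zz": "http://login-twitter.phish.example/verify",
    "http://short.example/b2": "http://news.example/story",
    "http://short.example/loop": "http://short.example/loop",
}

class LinkProxy:
    """Hypothetical click-time link checker (assumption, not a real API)."""

    def __init__(self, max_hops=5):
        self.links = {}             # token -> URL submitted in a message
        self.blocked_hosts = set()  # updated as new phishing hosts are reported
        self.max_hops = max_hops

    def wrap(self, url):
        """Send time: store the URL and hand out a proxy token instead."""
        token = f"t{len(self.links)}"
        self.links[token] = url
        return token

    def expand(self, url):
        """Follow redirects hop by hop; None on a loop or an overlong chain."""
        chain = [url]
        while chain[-1] in REDIRECTS:
            nxt = REDIRECTS[chain[-1]]
            if nxt in chain or len(chain) > self.max_hops:
                return None
            chain.append(nxt)
        return chain

    def click(self, token):
        """Click time: the verdict uses the blocklist as it stands now."""
        url = self.links.get(token)
        if url is None:
            return ("block", "unknown token")
        chain = self.expand(url)
        if chain is None:
            return ("block", "redirect loop or too many hops")
        for hop in chain:  # every hop is checked, not only the final page
            host = urlsplit(hop).hostname or ""
            if any(host == b or host.endswith("." + b) for b in self.blocked_hosts):
                return ("block", f"blocklisted host {host}")
        return ("allow", chain[-1])
```

A token issued before a host was reported is blocked on the next click once that host is added to `blocked_hosts`, with no need to recall the message that carried it.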
