Twitter Deploys New Anti-Phishing Service

Twitter is launching a new service designed to prevent users from being tricked into visiting malicious Web sites after clicking on shortened URLs in direct messages or Twitter messages.

Twitter is launching a new service designed to prevent users from being tricked into visiting malicious Web sites after clicking on shortened URLs in direct messages or Twitter messages.

The new Twiiter anti-phishing service, which launched Tuesday, essentially serves as a proxy between users and whatever sites the links are pointing them toward. When a user clicks on a shortened URL in a Twitter messages, he first will be routed through the new Twitter service, which will inspect the link and prevent the user from visiting the page if it looks malicious.

In a blog post, Twitter’s director of trust and safety, Del Harvey, said that the company is deploying the service as a way to keep users safe from the increasing levels of phishing and other malicious activity on the site.

“By routing all links submitted to Twitter through this new
service, we can detect, intercept, and prevent the spread of bad links
across all of Twitter. Even if a bad link is already sent out in an
email notification and somebody clicks on it, we’ll be able keep that
user safe. Since these attacks occur primarily
on Direct Messages and email notifications about Direct Messages, this
is where we have focused our initial efforts. For the most part, you
will not notice this feature because it works behind the scenes but you
may notice links shortened to twt.tl in Direct Messages and email
notifications,” Harvey wrote in the blog post.

As Twitter’s popularity has continued to increase in recent months, so has the level of malicious activity. There have been a number of phishing campaigns on the service lately, many involving fake direct messages with links to malicious sites. Because Twitter has a limit of 140 characters for each message, it automatically shortens virtually all URLs posted in tweets.

The problem with this is that the shortened links obfuscate the destination page that the user will be taken to, making it virtually impossible for them to know whether a site is malicious before they visit it.

As part of the new service, Twitter will be sending some links through a new shortening service, twit.tl.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.

Discussion

  • Kevin Su on

    That's true that there have been a number of phishing campaigns on the service lately, many involving fake direct messages with links to malicious sites. Nice blog.

    Regards: IT Services

  • Seo Crest on

    I agree even in my twitter i get various direct messages with links to malicious sites...........

    Regards: Seo Services Jabalpur

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.