December 28, 2011

Top Twitter tips for celebrity watchers

Elad Sharf Security Researcher
Last week, Lady Gaga became the latest celebrity to have her Twitter account hacked. In this instance the hacker used it to attract clicks to a scam offer for a free iPad. While this scam was designed to collect information rather than inject malware or data-stealing code, it was incredibly effective. Hundreds of thousands of clicks happened in a very short amount of time before the post was taken down.

As a Security Researcher in the Websense Security Labs I'm often called upon to explain the dangers associated with these types of hacks, and how to avoid falling victim. It's a tough one because once an account is taken over, the hacker impersonates the true owner of the account. In the Lady Gaga example the Twitter hack used the nickname "monsters" in a rogue tweet, a term her fans will be familiar with, making it all the more believable.

Here are some tips for staying safe while following celebrities on Twitter:

#1: Don't believe everything you read – if it sounds too good to be true, be extra cautious clicking on that link

Watch out for suspicious activity in your tweet stream and inbox. If you start seeing strange messages or your contacts are being unusually spammy, it might be that their account has been compromised.

#2: Make sure that your operating system and applications are up to date and patched

Tweeted URLs may lead to exploit sites. This may happen through rogue posts on a compromised account, but also through a legitimate website that got compromised. Keeping your operating system and applications up to date can protect you from a very large portion of the web-based exploits used by malicious websites that are looking to take control of your computer.

#3: Use a security product for your browser

Web security gateways with real-time content analysis are the level of protection businesses should use, but for home users there are free security plugins for browsers that can help, for example, can give you a sense if you're in the wrong place. You can also copy any URL before clicking and have Websense test it for free at .

#4: Your valued data comes first

Think about the value of the information you're giving and whom you're giving it to. Is the site you came to asking for valuable information? Will they keep it safe or abuse it? For example, giving your phone number might lead to text spam or to your number being registered to a premium text service, just as giving your email address could lead to spam. Always read the small print of any offer and don't be afraid to put your researcher hat on and research any site you suspect. Again, Ace Insight is a great place to start.

#5: Password information

Remember, the same thing can happen to you and your social networking sites. Use different passwords, and consider using separate email accounts for your social networks. Be mindful of where you are sending your updates and the types of security questions you set. Be conscious of anything that asks you to give up your login and passwords (for example, "fake" tweets or an unusual direct message).

Also, be sure to check out the Websense Security Labs 2012 predictions. There are some interesting insights on coming trends in social media, including how your social media identity may prove more valuable to cybercriminals than your credit cards...
