Micro-blogging service Twitter gains more popularity every day. One of the most significant indicators of an online service’s popularity is its visibility on the radar of scam artists, spammers, virus creators, and other such agitators. More of these folks are specifically targeting Twitter users lately, and so you should be able to protect yourself by identifying them, blocking them, and not falling for their traps.
Twitter founder Biz Stone recently made a post on the Twitter blog regarding ne’er-do-wells spreading viruses and the like through Twitter profiles. In the post, Stone advises Twitter users to “think before you click”.
Think before you click
“Think before you click” is great advice — in past Of Zen and Computing articles covering topics related to viruses and Internet scams, I have drilled home the same emphasis on common sense. Your best defense against these “Ne’er-do-wells” is not the most expensive anti-virus software. No, your best defense is a good head on your shoulders.
Online scam artists prey on Internet users who scan information at light speed, and exploit that tendency as a weakness. In the case of a social networking service like Twitter, there are two glaring weaknesses in user behavior that can be exploited: reciprocal followers and obfuscated URLs.
Reciprocal Followers
Everyone likes to be noticed and appreciated, and people many enjoy seeing a notification that a new Twitter user has followed their stream of tweets. Reciprocal followers are those who will follow back any users who adds them as a courtesy. This is dangerous behavior — if a scammer is able to make it into your list of Twitter contacts by getting you to reciprocate their following of your stream, you’ll see all of the tweets whenever you check in on the Twitter service.
Now, perhaps that scam artist is able to fly under the radar for a few days or weeks and avoid having their account deleted. As time goes by, the probability that you will see one of their updates and click on a link they post increases.
Obfuscated URLs
A Twitter update is limited to 140 characters in length. This is very short, and the rule has encouraged Twitter members to use URL shortening services such as tinyurl to insert hyperlinks into their Twitter posts. You cannot see the true destination of a TinyURL when moving your mouse over the link, making it an excellent tool for a scam artist to disguise a link to a virus or some other malicious software.
Don’t let them get you
Here is where common sense comes into play: never blindly follow a new Twitter user, and never click on a link that does not come from a trusted source.
When you receive notification that someone new has followed your Twitter stream, check them out before you follow their stream.
- Do the vast majority of their Twitter updates contain links? Red flag — where do those links go, and why are there so many?
- Is this Twitter user’s “following” count many times larger than their list of “followers”? Red flag — a great many others have received notification of this Twitter’er following them, and found a reason to not follow back.
- Has this person been busy adding contacts, but has not yet posted their first Twitter update? Red flag — why have they not posted yet? How do you know who they are, and how do you know they have good intentions for using Twitter? Wait and observe their Twitter activity before following them.
When a link pops up in a Twitter update, decide whether or not you trust the person who posted the link before you click.
- How well do you know the poster?
- How long have you been following this person on Twitter, and what are their other updates like?
- Have you clicked on links posted by this person in the past? What was the result?
- Does the rest of their Twitter update describe where the link goes? This doesn’t automatically mean you can trust the person, but it may (or may not) lend credibility.
- Is it just an empty Twitter post featuring a simple link with no description or explanation?
- Can you infer anything at all about the person’s motivation for posting this link?
If you do not know a new Twitter follower or come across an unfamiliar link, the last thing you should do is click through. Instead, start asking yourself questions about the person or post. If you can’t convince yourself beyond a reasonable doubt to add them to your followers or click on their link, move on. Trust is to be earned — in real life, and much more so online.
Block and report agitators
Twitter would like you to report abusers through their “Twitter, help!” form. And when you think you have spotted a spammer, a scam artist, or someone spreading viruses through Twitter, make sure to use the “block” button.
