Stay Safe With Your Twitter Account.

Twitter is a nice social network that lets you send very quick messages to your colleagues and friends, indicating what you are doing, where you are located and so on. The main feature of this social network is the so-called “Following Tweets,” which is a way to inform you that somebody is following your tweets. Twitter is a powerful platform because it makes it easy to build a huge network of connected people. For this reason, it has become a perfect target for cybercriminals and underground markets.

Recently we have witnessed the spread of a fake Twitter account that sent messages to thousands of accounts all over the world saying, “Tabitha Sanchez (peacefulslick80) is now following your tweets on Twitter” (Figure 1).

[Figure 1 – Twitter message sent by email]

The message is clear and shows a pretty girl saying that she is following your tweets. Who is Tabitha Sanchez? Possibly a past colleague? A girl we met in some pub or disco some months ago? Well, out of curiosity, we may click to see her profile (Figure 2).


[Figure 2 – Tabitha Sanchez Twitter page]

Tabitha Sanchez does not exist at all. We can see how many people she is following, and the number looks very strange. Tabitha looks like a bot sending messages to every account in its database. We also notice the TinyURL link, which is really dangerous because it hides the real site it leads to. When we click on the link, we are redirected to an illegal adult meeting website (Figure 3).


[Figure 3 – Adult website]

At the end of the story, Tabitha Sanchez does not exist. She is only a fake account created to fool people in order to invite them to sign up for the illegal adult website. This is typically considered spam, but what happens if your son is the target of Tabitha Sanchez?

Recommendations:

  • Do not trust every message that comes from a social network. A good deal of skepticism is the best practice.
  • Never click on links obscured by TinyURL or similar tools if you do not know the source of the message. In this case we were lucky, because we were only redirected to an adult website. What if the site behind the link had been a malicious site hosting malware?
  • Consider implementing an additional security layer such as parental control software.

The Total Defense Research team monitors the Internet on an ongoing basis to help maintain the safety of its users.