There has been much happening in the Twitter world lately. Lots of criticism and finger pointing and advice from experienced people to those that they would consider “newbies”.
While it’s always “buyer beware” when you are on the internet, there are some things that can be done to keep yourself safe.
The internet is hyperlinked and with the click of a mouse button, you can quickly move from one internet resource to another. That’s the joy, and certainly the power of the internet.
It can also be the source of grief as well.
In the world of phishing, it is the desire of the phisher to get the phishee to click on a link that will take you to a web resource or to download a file that is going to cause some damage or steal some information or drop some sort of evil payload on your computer.
The smart user knows that by hovering your cursor over an internet link when your status bar is visible reveals where in the world you’ll be transported to should you click.
Herein lies a problem. In an effort to get tweets under the 140 character limitation, various excellent sources like tinyurl.com, bit.ly, etc. will shrink URLs so that they’re considerably shorter and fit nicely within the 140 character constraint. All that you see as a user of most ways to contact Twitter is something like http://@@@@@@.com/###### where the ###### is an identifier that takes you to the shortened link. When you click on the link, you’re actually sent to @@@@@@.com, which translates, and then forwards you to the desired site.
It’s a great technique, helps with the 140 characters and it works pretty quickly. In 99.99999% (rough estimate) cases, there are no issues at all.
Over the weekend, though, the phishers were exploiting this.
Knowing that most people just blindly click and hope that good things happen, a link to a phishing site was sent by direct messages to users. Now, if you used a browser with phishing protection or have the WOT extension installed, you’d be presented with a warning message indicating that you don’t want to go any further. Without the protection, many folks did and that’s when the phisher is able to do her/his business.
Many of us use Twitter clients because of their ability to constantly poll and keep us up to date. We’re all in search of the perfect client. In the scenario above, right out of the package, one such client goes an extra mile to protect you.
The client is Spaz. When it reads a Tweet with a compressed URL in it, it will actually expand it so that you see portions of the actual link in the Tweet before you click it.
Now, this still won’t stop you from shooting yourself in the foot on purpose, but it does give you a sense of where you’re going if you do decide to click that mouse. Note that in the Tweet that I made last night, anyone could see that they’d be going to a website called i220.photobucket.com should they click on it.
You can never be too safe. While I personally am in search of the perfect client, I’m constantly drawn back to Spaz for this reason.
Powered by ScribeFire.
