Musings

Lesson learnt… DON’T click on short URLs from friends .. use a private browser if you really want to

Saw this message from a friend on twitter this morning.

“haha the look on your face in this pix is priceless! <url removed>”

Looks innocent enough, we were recently at event and I thought photos were published. Click.

Shortly after, Twitter inbox starts flooding with messages.  I was in a “Doh” moment and quickly got pinged by friends who lucky enough didn’t click on the links yet.

“lmao this video of you is funny as hell, im sharing it with everyone <url removed>”

Lesson learnt. DON’T click on short URLs from friends on any communication. It’s something I follow MOST of the time and unfortunately, trust and curiosity got the better of me today.

Somehow the Twitter session I was on got hijacked and the permissions allowed the rogue app to send messages to my contacts. Had this been a more malicious payload, it would have been less “humorous”.

Thanks to Katy for the info:

http://www.seascapewebdesign.com/blog/do-not-click-link-haha-look-your-face-pix-priceless

and Twitter’s help https://support.twitter.com/articles/31796

 

Have you:

  • Noticed unexpected Tweets by your account.
  • Seen unintended DM’s (direct messages) sent from your account.
  • Observed other account behaviors you didn’t make or approve (like following, unfollowing, or blocking).
  • Received a notification from us stating that, “You recently changed the email address associated with your Twitter account” (even though you haven’t changed your email address).

If so, please take the following steps:

1. Change your password

Please change your password immediately from the Passwords Tab in your Account Settings. Please select a strong password you haven’t used before. If you can’t log in to your account, please see thistroubleshooting page.

2. Revoke connections

While logged in, visit the Applications tab in Account SettingsRevoke access for any third-party application that you don’t recognize.

3. Update your new password in your trusted third-party applications

If a trusted external application or widget uses your Twitter password, be sure to update your password in the application.

 

 

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s