Combatting Twitter Spam and Facebook Leaks

Although my list of 40 information security tips may seem long, there were many things that had to be left out, so to close out my security-themed week here are some additional tips for Twitter and Facebook.

In my original list I addressed not clicking on links in suspicious email. The same goes for direct messages in Twitter. Assertions that you are in some hilarious video or that people are spreading rumors about you are probably spam and clicking the link will take control of your account or, worse, load malicious software that could take control of your computer.

  • If you think a message might be legitimate ask the sender, ideally through another contact method.
  • Additionally, if you want to know where a shortened link goes before clicking it you can use a site like LongURL.

Malicious links from hijacked Facebook accounts are a threat, too. Be wary of people posting links to things with generic descriptions (e.g. "Check out this great video!") or on topics in which that person usually isn't interested (e.g. your dad posting about Kim Kardashian).

The bigger threat on Facebook, however, comes from the power of apps. Facebook apps are used for everything from games to pledging money to charity. It's hard to be active on Facebook without accepting a few apps, but be judicious with which ones you accept. You are giving that app rights to your account. In some cases this may lead to your account getting highjacked, but the more common threat of apps is data leakage.

By granting access to an app you are usually granting the creator of that app (a company or an independent developer) access to a lot of things in your account including your contact information, your friends and the information they have shared with you, and all your posted content. In most cases the app just uses this to customize content and post updates to your timeline, but that data could just as easily be shared or sold. The potential secondary use of that data could simply be to send you advertising or it could be something more criminal such as using personal details to hack into other accounts or to rob your house when your posts make it clear you aren't home.

Weigh the risk of adding an app with the benefit you will receive from it. I use very few apps, but even I can't resist helping to earnĀ Target gift cards for a local school. To minimize your risk, get rid of apps once you are done using them. To do this

  • Click the pull down list next to your name in the upper right corner of the Facebook screen.
  • Select "Account Settings."
  • From the menu on the left of the screen choose "Apps."
  • Click the x to remove apps you no longer need.

Apps are also used by Twitter, usually to extend your Twitter log in on other sites which can you at risk for having your account hijacked. To clear out unnecessary Twitter apps

  • Go to your profile page.
  • Click the "Edit My Profile" button.
  • Click "Apps" from the list on the left.
  • Click "Revoke Access" for any apps you don't need.

It's scary out there. Think before you click.

Leave a comment