<pun about phishing>


Ever wondered how, exactly, phishing works and what happens once an account is phished? While there’s any number of reasons why someone might try to gain access to someone’s email or Facebook account or Twitter account, the most common reason for bulk phishing attempts is simply to make money via spam.

Perhaps you’ve noticed that after a phishing attack there are increases in waves of spam; these waves are often interspersed with additional waves of phishing. This is generally because the phishing is meant to gain access to accounts with which to spam. A sample attack might involve a mass phishing attempt — say, a faux log-in screen for a service — after which the attacker takes the account credentials captured by that attempt and divides them into three batches.

The first batch — we’ll call it Round 1 — is used to, say, send out spam via public message. Maybe a status update, maybe an @ reply, maybe an email to a list of non-contact email addresses. This is pretty easily detected and generally these accounts have their passwords reset. Perhaps messages are tested to determine what will result in higher clickthroughs; perhaps it’s used to test analytics on the messages posted; generally, though, this round does less damage than Round 2.

The second batch — Round 2 — is perhaps used to send out spam via private message or DM or email to known contacts. Since folks receiving these messages are receiving them from friends (or acquaintances), it’s more likely that they’ll view the message with the expectation of legitimacy, increasing the chance of clickthroughs or views. 

The third batch — Round 3 — is reserved for another round of phishing, resulting in another round of compromised accounts, resulting in additional rounds of spam, resulting in additional rounds of phishing, and so on — spammers gonna spam.

Services regularly reset passwords on accounts that post or send messages indicating they’ve been compromised; the reason these attacks are hard to stop quickly, though, is that not all compromised accounts display behavior that reveals the compromise.
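To make that last point concrete, here is an added example (not code from the original post) that runs two simple checks over a constructed event log for a handful of hypothetical accounts: a message-based check that catches the Round 1 and Round 2 accounts repeating one link, and a login-correlation check that also catches the silent Round 3 reserve. The thresholds and event format are assumptions for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample events: (account, event_type, target, value)
# "post"/"dm" events carry a link in `value`; "login" events carry the source IP.
EVENTS = [
    ("alice", "login", "-", "203.0.113.5"),
    ("alice", "post", "public", "http://example.invalid/deal"),   # Round 1: public spam
    ("alice", "post", "public", "http://example.invalid/deal"),
    ("alice", "post", "public", "http://example.invalid/deal"),
    ("bob", "login", "-", "203.0.113.5"),
    ("bob", "dm", "carol", "http://example.invalid/deal"),         # Round 2: DM spam to contacts
    ("bob", "dm", "dave", "http://example.invalid/deal"),
    ("bob", "dm", "erin", "http://example.invalid/deal"),
    ("carol", "login", "-", "203.0.113.5"),                       # Round 3 reserve: no messages yet
    ("dave", "post", "public", "http://blog.example.invalid/essay"),  # benign single post
]

def flag_message_spam(events, min_msgs=3):
    """Accounts that send the same link host in at least `min_msgs` messages.
    Public posts and private DMs are treated alike: one account, one link, many sends."""
    per_account = defaultdict(lambda: defaultdict(int))
    for account, kind, _target, value in events:
        if kind in ("post", "dm"):
            per_account[account][urlparse(value).netloc] += 1
    return {a for a, hosts in per_account.items() if max(hosts.values()) >= min_msgs}

def flag_shared_login_source(events, min_accounts=3):
    """Accounts whose login came from an IP that logged in to `min_accounts` or more
    accounts. This is what catches a reserved account that has not sent anything."""
    accounts_by_ip = defaultdict(set)
    for account, kind, _target, value in events:
        if kind == "login":
            accounts_by_ip[value].add(account)
    return {a for accts in accounts_by_ip.values() if len(accts) >= min_accounts for a in accts}

if __name__ == "__main__":
    print("message-based:", sorted(flag_message_spam(EVENTS)))        # alice, bob
    print("login-based:  ", sorted(flag_shared_login_source(EVENTS)))  # alice, bob, carol
```

The message-based check alone misses carol, whose credentials were phished but not yet used; only correlating the logins reveals the full batch.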

Things to keep in mind: don’t follow sketchy links, don’t enter your credentials (login/email address/password) into sites that you aren’t sure are legit, and don’t use the same password on multiple sites, as doing so will simply prolong the attack and give the attacker access to your accounts on multiple services. For more information on account safety (with a Twitter focus), check out this help page from our Help Center: http://support.twitter.com/articles/76036-safety-keeping-your-account-secure.

Posted by delbius