Sign up to our newsletter
The latest security news direct to your inbox
A few years ago I joked that the only reason I followed Britney Spears on Twitter was to get an early heads-up on when she next had her account hacked.
Actually, thinking back, I wasn’t joking.
It felt like barely a month went by without the singer having her account compromised.
And if her high profile account was exploited, chances were that plenty of her adoring fans were also likely to blindly click on the links without thinking of the possible consequences (too obvious ones being a phishing attack or a malware infection).
Here’s an example from January 2009, when Britney Spears had a lowly 14,000 followers. (Today she has over 36 million. Wow, hasn’t time moved on?)
Well, time has moved on and Britney’s superstar status has diminished a little. After all, there are new kids on the block like Justin Bieber.
Bieber, who like the Britney of old appears to be going through a public car-crash for the benefit of the paparazzi, has an astonishing 50 million followers on Twitter.
And anyone with that kind of social media audience becomes an obvious attraction to social media scammers and online criminals.
Sure enough, this weekend, Justin Bieber appeared to be no longer in charge of his Twitter account – at least for a short time – as messages appeared in Indonesian linking to an Android app called Shooting Star Pro.
Within seconds, Bieber’s fanatical followers were favoriting and retweeting his message regardless, one assumes, of whether they were able to understand them.
Cemberut, by the way, is an Indonesian word meaning sullen or grumpy, and is sometimes used by social media users alongside downcast selfies of themselves.
What isn’t clear is how Bieber’s account was compromised. Did he, or whoever manages his social media accounts, authorise a rogue third party app to post on the Twitter account without thinking of the possible consequences, was he specifically targeted or was someone careless with their password?
Whatever the reason for the unexpected tweets, a warning was quickly posted on the account advising followers not to click on the links.
That link from earlier. dont click it. virus. going to erase this now. spread the word. thanks
Later that message was deleted, and replaced with another claiming that everything was now under control:
all good now. we handled it.
Scammers, spammers and online criminals love to take advantage of innocent people’s social media accounts, because it’s a very effective launchpad for their money-making campaigns.
It’s not just celebrities like Britney Spears, Justin Bieber and Kevin Bacon who fall victim. Many regular members of the public have their social networking accounts compromised every day, and it’s their online friends and family who are duped as a result into visiting dangerous links, believing it is their pal or loved one who shared them.
Always be sure to take care over your passwords (ensuring you only enter them on the legitimate site for which they were designed, and not reusing the same password), be cautious over what third-party apps you grant access to your account, and take advantage of features like two factor authentication to better control access to your accounts.
And maybe it’s time to think twice before rushing to click on a link, next time your favourite celebrity says something bizarre on Twitter.
By the way, while we’re talking about two factor authentication, it’s worth remembering that it’s a good additional protection which can be applied in many parts of your online life – not just on Twitter. Companies looking to harden their defences might consider solutions like ESET Secure Authentication.
Author Graham Cluley, We Live Security