Twitter to vet links with goal of curbing phishing attacks

Twitter on Tuesday launched a new service designed to curb phishing links delivered in the microblogging site's direct messages and email notifications.

URLs will be checked against a blacklist of fraudulent sites, such as ones hosting phishing attacks, malware or bogus, spam-related merchandise, the company said. The links will be shortened using Twitter's new URL shortener service, twt.tl, so bad domains can be easily identified in the future.

Users who attempt to click on a link considered to be untrustworthy will be alerted via a warning screen.

"By routing all links submitted to Twitter through this new service, we can detect, intercept and prevent the spread of bad links across all of Twitter," said Del Harvey, who heads Twitter's Trust and Safety team, in a blog post. "Even if a bad link is already out in an email notification and somebody clicks on it, we'll be able to keep that user safe."

News of the service comes as email security firm Barracuda Networks revealed Wednesday in a new report that one in eight Twitter accounts created in October "was deemed to be malicious, suspicious or otherwise misused and subsequently suspended."

Paul Judge, chief research officer at Barracuda, told SCMagazineUS.com that he was puzzled why Twitter isn't examining links delivered on the public feed, where a majority of malicious URLs reside.

"It's an ocean compared to the bathtub, so to speak, of malicious links showing up in direct messages," he said. 

In many cases, cybercrooks create fake accounts or take over legitimate accounts, Judge said. They then use Twitter's "trending topics" to determine what users are most commonly searching for and send out fraudulent links related to those hot terms as public messages.

Judge said he admires Twitter's first step toward admitting it has a malware problem.

"Now the journey begins of how proactive they're going to be in addressing security," he said. "[But] attackers are taking note and they'll be more creative. They were having it easy for a while."

Twitter last summer began notifying users when they posted a link to a known malicious site. And in November, popular URL shortening service bit.ly announced it was partnering with VeriSign, Websense and Sophos to deter malware.
