Sunday, 29 November 2009

Gone Phishing

So, tonight I'm in the pub, halfway through the quiz (which we lost), when I get a text from Rory Cellan-Jones. Normally I'd be over the moon at this, and gloating to my friends about how Rory and I often chat about technology developments - "just like that, me and Rory". However that would be far from the truth. Rory follows me on Twitter (because I sponsored him to do so for Children in Need - but wait, it gets worse....), and the text was actually telling me I had a direct Twitter message from him. He was telling me my account had been hacked and I was sending spam messages to everyone (told you it got worse), including him.

Quick interruption to pub quiz while I checked my Twitter account on iPhone (and everyone in pub thought I was cheating by looking up answers), and I realised he was right. Bit of googling later and I worked out how - I'd been caught by a very straightforward phishing scam. I read this post and realised exactly what had happened. Earlier this weekend I'd had a DM from a friend with a weird message about following a link to take an IQ test. I ignored it, thinking maybe his account had been hacked. Later, he posted that it had. So, for some reason, I went back to his DM and clicked the link - just to see what it was (duhhh - why?) - it looked like an IQ test page so I ignored it. Now, I use tabs in my browser and have lots open at once, and sometime in the next few minutes went to one which looked like a Twitter log in screen - so I typed in my user name and password. Duh!! I rarely have to log in to Twitter, and when I do Firefox autofills in my username - it was a spoof site. So - straightforward phishing scam.

Feel so stupid - how many emails have I sent to staff and students telling them to beware of phishing - and I get caught!!! And the BBC Technology Correspondent pointed it out to me. So - be warned - don't click on any links in DMs unless you're absolutely certain they're for real, and never put your log in credentials into a web page unless you're sure it's genuine. I just looked daft to a load of people - depending on the scam, it could be a lot worse.

1 comment:

Dave Eyre said...

For a few quid and a lot of gin, your secret is safe with me.

Incidentally the word I have to post is "fikintec".

Just try changing one vowel!!!!!