Twitter – A Phishers/Spammers dream

Jon Rajewski social media

My topic of discussion this morning is “Why are Phishers/Spammers easily using Twitter?”

Twitter has it’s benefits, especially for circles of practitioners like the Digital Forensic / Incident Response (hashtag #DFIR) in that we can quickly collaborate in near real time. Apps have been built for multiple platforms (Android/Iphone/Mac/PC etc).

A quick aside: Twitter has taken the commerce arena by storm. Many marketing groups around the world are using Twitter to make informed decisions and to interact with customers.

Gatorade Social Media Command Center

Here is today’s scenario 

This morning I was researching treadmills. I’m a marathon runner that doesn’t like to train outside when there is ice on the ground. In my research process I decided to look to my good friend, Twitter. What I learned is when one attempts to research Twitter for something outside of their trusted feed – for example a NordicTrack treadmill I was presented with a voluminous amounts of posts from what I would consider Phishing / Spamming accounts. 

I see a lot from Twitter on the reactive side of the house. Users can report Spam and block user accounts that they believe to be malicious, but there is little done to prevent the Phish / Spamming accounts from being created in the first place.

This is how you can report an alleged Spammer

That all said and done, I would like to fast forward to a potential solution because this can easily get into a “book long caliber” blog post:

  1. We’ve seen this movie before. One could compare this issue to when malware would automatically create hundreds of Hotmail email accounts to send spam from. Microsoft’s initial response to this was to use Captcha to help thwart off non-human-actual-person account creations. There are many groups doing research into hindering spam accounts on social media sites. Twitter should adopt a more robust account creation process. This will help prevent or hinder the Phish / Spamming accounts from being created in the first place. Currently all one needs to create an account is a valid email address that is able to receive an email so a validation link can be clicked. 
Thank you for reading this. Again, this is a Friday morning, 15 minute blog post on a topic I doubt I have any influence over. But if you know me then you know I like to try to provide solutions and options to make things better. Also if you have any treadmill recommendations please let me know 🙂
Happy Friday 🙂