My topic of discussion this morning is “Why are Phishers/Spammers easily using Twitter?”
Twitter has its benefits, especially for circles of practitioners like the Digital Forensics / Incident Response community (hashtag #DFIR), in that we can quickly collaborate in near real time. Apps have been built for multiple platforms (Android, iPhone, Mac, PC, etc.).
[Image: Gatorade Social Media Command Center]
Here is today’s scenario:
I see a lot from Twitter on the reactive side of the house. Users can report Spam and block user accounts that they believe to be malicious, but there is little done to prevent the Phish / Spamming accounts from being created in the first place.
[Image: This is how you can report an alleged Spammer]
That all said and done, I would like to fast forward to a potential solution because this can easily get into a “book long caliber” blog post:
- We’ve seen this movie before. One could compare this issue to when malware would automatically create hundreds of Hotmail email accounts to send spam from. Microsoft’s initial response to this was to use CAPTCHA to help thwart automated, non-human account creation. There are many groups doing research into hindering spam accounts on social media sites. Twitter should adopt a more robust account creation process. This would help prevent or hinder the Phish / Spamming accounts from being created in the first place. Currently, all one needs to create an account is a valid email address that can receive an email, so that a validation link can be clicked.