Latest Twitter Email Phishing Scam
Posted by Zuly Gonzalez. Categories: Web Security

The latest phishing scam targeting Twitter users is in the form of an email message claiming to be from Twitter Support. The subject line of the fake email message starts off with the word Twit and is followed by a set of numbers. These numbers will vary from email to email. The email message claims that you have some number of “unreaded” or delayed messages from Twitter, and provides a link to supposedly check your “unreaded” messages. How nice of them! But instead the link takes you to a malicious phishing website.

There are actually two links in the fake email message, both linking back to malicious phishing websites. Don’t click on either of them! Here’s what the email looks like:

[Image: Twitter “unreaded” email phishing scam]

According to Twitter Safety, Twitter Support doesn’t send emails about unread messages.

[Image: Twitter Safety email phishing scam alert]

What Can You Do?

Here are 7 things you can do to protect yourself, and avoid becoming a victim of email phishing scams.

  • If you receive an email message claiming to be from Twitter or Twitter Support with the subject line Twit [set of two numbers here], do not open it and delete it right away.
  • If you receive an email with bad English or misspellings, it’s most likely a scam. This one, for example, uses the word “unreaded” instead of “unread”. Don’t click on any links in the email or download any attachments.
  • Don’t click on links in email messages. Always go to the site directly and log in to your account to check it out.
  • If you must click on a link in an email (for example, when it’s not a “check your account status” type of email), hover over the link and look at what the status bar tells you. If the URL shown in the status bar isn’t for the website you’re expecting to go to, don’t click on the link. In the case of this recent Twitter scam, the URL in the status bar doesn’t link to Instead it links to

[Image: Twitter email phishing scam domain name on status bar]

  • Note that the only domain name used by Twitter is Any URL that doesn’t start with is not an official Twitter page. That’s not to say it’s a malicious site, it’s just not an official Twitter page, so use caution when going to these sites.
  • If you have a Twitter account, follow Twitter Safety or Twitter Spam to get the latest news about known Twitter scams.
  • Read and follow the 5 most important steps for internet security to protect your computer from these cyber crimes.
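
The checks in the list above can be automated for mail triage. The following is an added example, not code from the original post: it flags the subject pattern, the “unreaded” misspelling, and any link whose real target host is not the official domain. `OFFICIAL`, `SAMPLE` and all hostnames in it are constructed placeholders.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = "service.example"  # constructed stand-in for the service's real domain

# Constructed sample modelled on the post's description, not the real message.
SAMPLE = """\
Subject: Twit 12-345
Content-Type: text/html

<p>You have 2 unreaded messages.</p>
<a href="http://service.example.account-check.invalid/login">http://service.example/inbox</a>
<a href="https://service.example/help">Help</a>
"""

class HrefCollector(HTMLParser):
    """Collect each link's real target (what the status bar shows), not its text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_official(host, official=OFFICIAL):
    """Exact domain or a true subdomain; a string prefix match is not enough."""
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

def triage(raw_email, official=OFFICIAL):
    """Return the warning signs from the list above found in one message."""
    msg = message_from_string(raw_email)
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    findings = []
    if re.match(r"Twit\s+\d", msg.get("Subject", "")):
        findings.append("subject: 'Twit' followed by numbers")
    if re.search(r"\bunreaded\b", body, re.I):
        findings.append("body: misspelling 'unreaded'")
    parser = HrefCollector()
    parser.feed(body)
    for href in parser.hrefs:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not is_official(url.hostname, official):
            findings.append(f"link: {url.hostname} is not {official}")
    return findings
```

The first sample link displays the official address as its text while its `href` points to a host that merely begins with the official name, which is why the comparison is made on the parsed hostname and not on the visible text or a string prefix.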

Image credits: Fake Twitter email, Twitter Safety tweets

Why You Are Not “Good Enough” to Avoid Malware
Posted by Beau Adkins. Categories: Web Security

In my line of work, most of my colleagues are very technically savvy. Sometimes I will ask them about their views on different computer security products. More often than I would expect, I receive this response: “Oh, I think that is really important, but I don’t need it because I know what I’m doing.” When I press more on what it is they are doing that makes them immune, here are some of the possible responses, and my thoughts on each.

I’m careful where I click

Hmm, that’s good. How are they careful? Maybe they don’t go to any site they haven’t heard of? So googling something, and clicking that perfect result is out of bounds for this person? Never clicking any link that has been run through a URL shortener like is so common on Twitter? Staying away from sites that show ads? Never going to a site which doesn’t have perfect server security? If they did all these things then they really aren’t browsing at all. ANY site can be bad. There are just too many ways that even the most trustworthy site can be turned malicious – I will save that for another post.

I don’t use Windows

First off, I love Windows. It is my OS of choice, but it saddens me to say that this tactic does help. But why? Because Windows sucks? Not really, it is just a matter of targeting. When a hacker writes an exploit, he wants it to work on as many people as possible. Since most of the world uses Windows, he writes his exploit for Windows. It doesn’t mean he couldn’t have written it for any other OS, and there are times when hackers do write the exploits for the other OS’s. So while using a different OS will get you by most of the malware on the web, you are still counting on luck.

I’ve never gotten a virus before…

This one is classic on so many levels. So you’ve never been infected with malware before, therefore you must be immune… Hmmm, ok, let’s assume that to be true, even though a child could tell you that it’s NOT. If you never use anti-malware products, and you have never been infected by anything, that tells me that you have never been infected by a poorly-written, or relatively harmless piece of malware. Those are the ones that you would be aware of if you were infected. A relatively harmless piece of malware would have a juvenile purpose: changing your desktop wallpaper, or showing you popups for porn sites. Not so bad. If the malware were more sinister, they want to make sure you don’t know they are there. They want to steal things from you without your knowledge. But if they are poorly written, they can crash your computer or other applications. But if it’s a well-written sinister piece of malware, that’s bad. You will not know it is there just by using your computer normally. Software specifically designed to find this stuff is the only way to know if it is there. You know, like anti-virus products.

Don’t fall into the trap of thinking you are just too smart to get infected online. It is a dangerous place out there, and it’s actually getting worse. In the old days, hackers wrote malware just to mess with people. Now they make money off of it. They are smart, and persistent. Do everything that you can to protect yourself. Here is a good starting point.