The other day I got a Direct Message via Twitter. I think of myself as a fairly astute and savvy Internet user, and have never been bitten by a phishing scam. I am not saying that to turn myself into a target. I am saying it because the other night I fell for the first piece in a phisher’s tricky puzzle.
The Twitter Direct Message was from someone I (believe I) follow. And the message basically said, “Someone is talking bad about you”, and included a link.
Now, I have received more than my fair share of notices from London barristers informing me that a long lost acquaintance has left vast fortunes in their estate. Indeed, if only I had a dollar for all the emails I have received with that message, I believe I would be wealthy (who knew that rich aunties could provide you with such a great source of passive income??).
So when I do get an email announcing wealth or winnings, I never believe it.
But a Twitter DM? That was different.
So, I clicked. And the result? Hang on for that…
The Back Story
First, let me tell you that before I clicked I ran through my mental checklist, first noting I was on my MacBook Pro (fully patched), which gave me a higher confidence.
Second, as of one month ago, I actually am using antivirus on my Mac (it works well, and doesn’t dog the system down).
So, as I clicked I felt confident. And besides, I really wanted to see what bad thing it might be that was supposedly being said about me.
I fell not for the lure of riches. No, I rose to the bait of my pride being wounded by negative comments about me.
The truth is, phishing works because we want to believe or not believe something bad enough that we will throw caution to the wind. Phishing works because it exploits our own personal foibles or traits. Though I felt “protected”, I fell for the bait.
Did I Get Hooked?
After I clicked, I knew immediately I had fallen for a phishing tactic. How did I know? Was it my anti-virus that caught the problem?
Nope. It was my use of a free DNS service called OpenDNS!
The quick answer is that OpenDNS is a service that I use on my home network to keep the bad guys out. I do that by configuring my firewall (DD-WRT on a Linksys WRT54GL) to use OpenDNS instead of my ISP’s DNS servers. (If that sounds confusing, you’ll want to hang around for a future post on configuring your router to use OpenDNS.)
OpenDNS has an ever-growing database of websites that it knows to be used by phishers or to be infected with malware. It blocks any computer on my home network from reaching such a site.
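To make the mechanism concrete, here is a simplified model of how a filtering DNS resolver decides what to answer; it is an added example, not OpenDNS's own code. The domains, IP addresses and function names are constructed for illustration. It also shows that the filter sees only hostnames, so a shortened link is stopped at the hop where the browser looks up the listed destination.

```python
from urllib.parse import urlsplit

# Constructed sample data: placeholder domains and documentation-range IPs.
BLOCKLIST = {"phish.example", "malware-host.example"}
BLOCK_PAGE_IP = "192.0.2.1"            # stand-in for the filter's block page
UPSTREAM = {                            # stand-in for real DNS answers
    "short.example": "198.51.100.7",
    "login.phish.example": "203.0.113.9",
    "blog.example": "198.51.100.20",
}

def hostname_of(url_or_host):
    """Return the lowercase hostname from a URL or a bare hostname."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text              # lets urlsplit parse a bare hostname
    host = urlsplit(text).hostname or ""
    return host.rstrip(".").lower()

def blocked_by(host):
    """Return the blocklist entry matching host or a parent domain, else None."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None

def resolve(url_or_host):
    """Answer a lookup the way a filtering resolver would: (ip, verdict)."""
    host = hostname_of(url_or_host)
    rule = blocked_by(host)
    if rule:
        return BLOCK_PAGE_IP, "blocked:" + rule
    return UPSTREAM.get(host), "allowed"

def follow(url, redirects):
    """Resolve each hop of a redirect chain; stop at the first blocked hop."""
    hops = []
    while url:
        _, verdict = resolve(url)
        hops.append((hostname_of(url), verdict))
        if verdict != "allowed":
            break
        url = redirects.get(url)
    return hops
```
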
So…the moral of the story is, “An ounce of prevention is worth a pound of cure”.
In part 2 of this, I will walk you through how to configure OpenDNS for use on your home network.
What about you? Have you fallen into a phisher’s trap? What was the result? What steps have you taken to make sure it doesn’t happen again?
{ 10 comments }
I’ve received those DMs but thankfully didn’t click on them. What I am getting frustrated with is the number of WordPress blogs that I go to that instantly try to download a virus to my PC. 99% are blocked by AVG Virus SW but one really nasty one got through and it was another virus scan company telling me that if I didn’t download their SW I would lose everything. Took 5 hours to clean it up and get rid of it.
I fully understand your concern. I certainly hope you didn’t have that experience coming to Thad Thoughts!
One other thing, if you are using an AV (like AVG) and you suddenly see a popup purporting to be from another AntiVirus company, you should be aware that is in fact the malware trying to get you to install it on your computer. That’s a common vector used by the bad guys to infect computers.
Dannnng I guess I never thought of one coming through twitter. Glad I saw this post. I know they are out there but sometimes we forget about them until it is brought to our attention again. I had the malware problem on my site back in February and it was a redirect to ad fly or bitly something like that.
Yeah – and it’s even easier with all of the URL shorteners like bit.ly and the like – you don’t know exactly where you’re headed.
But hey, if it works it will continue… so unfortunately we have to keep our guards up!
Yep. URL shorteners do make it more challenging.
It’s a sad reflection on our society that folks just sit around working hard to inflict pain on others they don’t even know.
Oh no. I have clicked on that before. I’m not even sure my click was on purpose. I just knew it wasn’t legit, but I didn’t think of phishers. YUCK!!!!
I haven’t received these through Twitter yet, but I feel like this is what every one of my SPAM comments is trying to do. I almost never click on anything I don’t recognize anymore.
I guess email is something we are all aware of; Twitter is newer, and we are having to be careful there too. Same for Facebook.
Ahhh I hate those! I’ve received a couple of those but I was lucky to hear about it beforehand so I didn’t click on them. It’s troubling at first though.