Wednesday, October 19, 2011

One Bad Phishing Trip


Twishing – the act of sending a message to a Twitter user in an attempt to obtain his or her name and password. The message may instruct the recipient to visit a Web site where he or she is asked to log in. The Web site, however, is bogus and set up only to steal the user’s information. Twishing is a combination of the words Twitter and phishing.



Boy do I feel stupid.
The direct message came in to my twitter account on Monday afternoon.
From a “friend”.
It read...
"Hey what's up with this bad blog thats going around about you?"
Followed by a link to that bad blog.
What!
Someone said something bad about me?
How dare they!
Who are they?
What did they say?
What did I say?
Was it that last blog I wrote?
That line about....
What’s wrong with a little honesty?
I must know.
And I must now know!!!!
So I did what every self-conscious.
Insecure.
I-just-want-to-be-loved-is-that-so-wrong blogger would do.
I clicked on the link.
That’s the stupid part.
It was a left hook to the gut.
I just didn’t feel it.
Yet.
The link sent me to a twitter homepage.
Or at least a page that looked like a twitter homepage.
Now for the REALLY stupid part.
It asked for my login name.
And password.
Check.
And check mate.
The entire time I’m sure there was a little voice in my head screaming NOOOOOOOOOOOOOOOOOOOO.
But all I could hear was... “BAD BLOG ABOUT ME?” 
Within seconds of clicking on that link.

...
...
...
Nothing.
Absolutely nothing.
No bad blog.
No explanation.
No nothing.
It was at that exact point that this genius realized there was a phishing hook firmly planted in my beak.
D’oh!
Something had gone terribly wrong.
Like my lack of a brain.
I didn’t pass go.
I didn’t collect $200.
But what I did get.
Was a virus.
A virus that spent the night sending hundreds of direct messages to each of my beloved twitter followers.

The message read like this:
"Hey what's up with this bad blog thats going around about you?"
Look familiar?
Newman!
Unfortunately I had no idea this had happened until I got up the next morning.
6:22 to be exact.
I rubbed my eyes.
As I always do.
Then rubbed them again when I saw my inbox.
By the time I made it from the iPhone to the iMac.
I knew I was iScrewed.
    • ??
    • Got this from you.  What do you mean?
    • Is that link good?
    • I believe you’ve been hacked.
    • Change your password.
Enter panic mode.
I immediately changed my twitter password.
As instructed.
I deleted the two tweets.
That were not from me.
Then I clicked on my messages folder.
Where I saw all of the emails my account had sent out.
Hundreds of them.
Which felt like millions.
And they all said the same thing:
"Hey what's up with this bad blog thats going around about you?"
Followed by a link to click on.
I started emailing people to tell them what had gone on.
And to NOT click on the link.
And that I was sorry.
VERY sorry.
At that point my phone rang.
From a friend.
No quotes.
A friend who received the direct message.
He informed me that I had been hacked.
Thanks for that.
I felt so bad.
At the time I really didn’t know how much damage had been done.
But the fact that my momentary lapse of reason brought this on really pissed me off.
It would be easy to blame it on the hacker.
Or the twitter.
Or the whatever.
But the bottom line is I was the one who put my fingers through the flame.
Even though I should’ve seen the fire from a mile away.
But somehow my friend talked me off the ledge.
He explained that I was the victim here.
Not the guilty one.
This was like my house being robbed.
My cyber-house.

Oddly enough, that was the same exact point my brother made on the phone with me an hour later.
There must be a handbook on how to talk to people who have been hacked.
But it helped.
And after I changed my password the messages stopped going out.
Which helped too.
A day later, the damage seems to be minimal.
Thankfully.
Fingers crossed. 
Fortunately most of my friends were smarter than me.
And they didn’t click on the link.
And maybe best of all.
There was no bad blog about me.

Until now.





No comments: