How many times have we told you not to click on that mysterious link? Perhaps Twitter CFO Anthony Noto wasn't listening. On Tuesday, Noto's Twitter account began spewing out hundreds of garbage tweets like "OMG when did you do this?" and "I can't stop laughing!" with links attached.
It's not clear how Noto's account was compromised. But the links to spam websites, it turns out, were likely phishing attempts -- which one of our editors nearly succumbed to, though he was saved by the company firewall.
Don't Follow That Link!
Urging users to click on a spam link is an insanely easy way to compromise an account. Unlike brute-forcing a password, which can be difficult and time-consuming (as well as next to impossible if the user has two-factor authentication turned on), a phishing attack can work in several ways: For example, it can send a user to a website infected with malware, or it can trick a user into entering his or her login information on a fake login page, allowing hackers to collect usernames and passwords.
The latter is what happened to The Associated Press in 2013, in what appeared to be a targeted attack by a group called the "Syrian Electronic Army." The SEA sent emails to select AP staffers, collected their login information, then found a way into the organization's Twitter account.
To make matters worse, an attacker may assume that your Twitter credentials are more or less the same as those for your other accounts, like your email. This is a popular way to gain access to sensitive business information -- and it works only because the assumption is often correct. Many people use the same login information for everything.
'That's Amazing! I Have the Same Combination on My Luggage!'
So here's what you do to avoid having your Twitter account compromised, your other accounts compromised, and all your nude iCloud photos posted on Perez Hilton: