Twitter aiming to slash phishing e-mails sent from ‘Twitter.com’

February 17th, 2013 by admin

If you get an e-mail saying it’s from Twitter, the social-networking company wants to assure you that it’s really from Twitter and that there’s no need to worry that someone’s out to steal your password.

At least, it’s almost certain that the e-mail you just got from a Twitter.com address is not a phishing attack, the company said in a blog post today.

Twitter said it has adopted a new security protocol known as DMARC that was designed by a consortium in order to cut way down on phishing attempts.

DMARC solves a couple of long-standing operational, deployment, and reporting issues related to e-mail authentication protocols. It builds on established authentication protocols (DKIM and SPF) to give e-mail providers a way to block e-mail from forged domains popping up in in-boxes. And that in turn lessens the risk users face of mistakenly giving away personal information.

Twitter did not immediately respond to a request for comment about how big a problem these kinds of phishing attacks have been in the past.

In its blog post, Twitter said that all four major e-mail providers — Gmail, AOL, Yahoo Mail, and Hotmail/Outlook — have signed on to the DMARC protocol in an industrywide attempt to make e-mail just a bit safer by preventing messages that seek to pilfer users’ personal information from ever making it into their in-boxes.

Then again, in its blog post, Twitter said only that it’s “extremely unlikely that most of our users” will get phishing attacks purporting to be sent by Twitter. That leaves the company a little wiggle room in case the practice continues, or if the phishing community figures out a way to bypass the DMARC protocol and resume its nefarious work. After all, if there’s one thing that’s guaranteed to get hackers and bad actors looking for a way to keep doing their thing, it’s a public announcement that they’ve been neutered.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.
