How Cybercriminals Abuse Twitter, What They Get from It, and How to Stay Safe
View: An In-Depth Analysis of Abuse on Twitter
Twitter is one of the most popular microblogging and social network sites online. Nearly everyone who’s anyone – from big companies to celebrities – has a Twitter account from which they can update their followers in 140-character bite-sized chunks. It’s lightweight, it’s popular, it’s widely used, and it’s free – all the qualities of a social media platform that is perfect for cybercriminal abuse.
[Read: Investigating Twitter Abuse: Spam, Phishing, Links and Hacked Accounts]
The Forms of Abuse and Its Victims
So, how do cybercriminals abuse Twitter? Analyzing more than 570 million tweets, 33 million of which we found to be malicious, we discovered that cybercriminals abuse the service in ways similar to how they abuse most online messaging and social media platforms: by spamming posts and private messages with links to malware and malicious sites. These links may also lead to phishing websites, most of which focus on stealing Twitter login credentials.
Analyzing this abusive behavior even further, we also managed to find the parts of the world where users most often fall victim to these types of abuse. The results of our analysis, arranged per type of abuse, are as follows:
- Spammed Tweets: Users from Russia click and read more Twitter spam than users in any other country in the world (50%), with the US second (27%). That the tweets were usually written in Russian contributed to the numbers. It's also due to the inherent nature of the Russian cybercriminal underground, where dealing in cracked software and pirated movies are some of the main activities.
- Twitter Phishing: Nearly half of all Twitter phishing victims come from the US (49%), with Japan a distant second (15%).
- Malware Links: Users in Saudi Arabia, Egypt and Sudan clicked the most on tweeted links that lead to malware, at 16%, 11% and 10% respectively.
[Read: A Look at the Scope And Scale of Detected Threats in the Twitter Landscape]
The Reason for Abuse
Why do cybercriminals abuse Twitter? Simply put, the platform's popularity ensures that they have a large number of potential victims (i.e. users) that they can attempt to victimize with just one click or tap on a link. It’s free, it’s fast, and with Twitter’s retweeting function they can spam their malicious tweets as much as they want.
The fact that Twitter’s built-in character limit encourages shortened URLs is also a bonus for them: a shortened link hides its real destination, so it can make a malicious URL appear legitimate and safe.
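Because a shortened link hides where it ends, it can be expanded before anyone opens it. The following added example (not part of the original article) follows a redirect chain one HEAD request at a time without loading any page; the function names and the sample redirect table are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

def head_location(url, timeout=5):
    """Send one HEAD request and return the Location header, or None."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    # hostname/port (not netloc) so "user@host" tricks do not reach the socket
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        if resp.status in (301, 302, 303, 307, 308):
            return resp.getheader("Location")
        return None
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=10):
    """Return every URL in the redirect chain, starting with `url`."""
    chain = [url]
    while len(chain) <= max_hops:
        if urlsplit(chain[-1]).scheme not in ("http", "https"):
            break  # never follow javascript:, data:, file: and the like
        location = fetch(chain[-1])
        if not location:
            break  # no further redirect: this is the landing URL
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            break  # redirect loop
        chain.append(nxt)
    return chain

def final_host(url, fetch=head_location):
    """Host the link really ends at, for display before anyone clicks."""
    return urlsplit(expand(url, fetch)[-1]).hostname

# Constructed redirect table standing in for the network (not real sites).
SAMPLE = {
    "https://sho.rt.example/a1": "http://hop.example/r?id=7",
    "http://hop.example/r?id=7": "/login/twitter",
    "http://hop.example/login/twitter": None,
}

if __name__ == "__main__":
    print(expand("https://sho.rt.example/a1", SAMPLE.get))
    print(final_host("https://sho.rt.example/a1", SAMPLE.get))
```

Passing `SAMPLE.get` as `fetch` keeps the run offline; leaving `fetch` at its default sends real HEAD requests to each hop.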
[More: Twitter Abuse: What Do Cybercriminals Get from It, And What Users Can Do]
How To Be Abuse-Free
So how can normal everyday Twitter users avoid these threats?
- Never click on a link tweeted to you by someone you don’t know, more so if the tweet itself is suspicious.
- Always verify any link your contacts send your way with them, preferably through another form of correspondence.
- Report and block spammers. This can help sanitize your feed as well as notify Twitter to take down the spammers’ accounts.
- Never attempt to ‘buy’ followers from websites that offer them. These ‘followers’ will either be bot accounts, or compromised ones.
- Use two-factor authentication for Twitter as well as any other social media account you have and activate any other security measures you have access to.
Thankfully, Twitter abuse can be avoided, and Twitter itself is actively taking measures to help curb the abuse of the social media platform.
For a closer, deeper look at our findings and analysis regarding this matter, you can check out our relevant paper, An In-Depth Analysis of Abuse on Twitter.