Alastair Coote has launched “ismytwitterpasswordsecure.com”

Apr 24, 2013 21:01 GMT

Major data breaches are usually followed by the emergence of malicious websites that leverage the incidents in an attempt to trick users into handing over their online credentials.

After the recent Associated Press Twitter account hack, many publications have highlighted the fact that usernames and passwords can be easily compromised. After reading such stories, many users might be tempted to use one of the many online services to find out if their passwords are still safe.

There are a number of legitimate websites out there, such as PwnedList, but there are also several malicious ones.

As Paul Ducklin of Sophos highlights, users who are not sure whether a “password check” site is legitimate should assume they’re all bogus and avoid entering their credentials on them.

To help raise awareness of such malicious websites, Alastair Coote, a web developer from New York, has set up a clever little website called “ismytwitterpasswordsecure.com.”

“It's a scary world right now, guys. Your Twitter password can cause the Dow Jones to drop nearly 150 points and compel dozens of blogs to write breathless posts about the future of online journalism. You should be worried,” reads a message on the site.

However, when users start entering their Twitter credentials, they’re presented with the following warning: “Do you see ‘twitter.com’ in the address bar? No, you don't. Don't ever type your login and password to Twitter on a site that isn't twitter.com. Same with Facebook. And LinkedIn. I guess what I'm trying to say here is, don't be an idiot.”

There you have it: a great piece of advice.

In this case, it’s all a joke, but in a real attack scenario, as soon as you enter your credentials, they end up on a server controlled by cybercriminals. They can use your username and password for various purposes that will ultimately help them make a profit.
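The address-bar check from the warning above, written as an added example (not code from this article or from Coote's site): a strict hostname comparison next to the substring match it should replace. Apart from the two domains named in the article, the sample URLs are constructed, and treating subdomains of twitter.com as genuine is an assumption.

```javascript
// Added example. EXPECTED_HOST comes from the article's warning;
// the function names and SAMPLE_URLS are constructed for illustration.
const EXPECTED_HOST = "twitter.com";

// Weak check: "does the address mention twitter.com anywhere?"
function naiveCheck(rawUrl) {
  return rawUrl.toLowerCase().includes(EXPECTED_HOST);
}

// Strict check: parse the URL and compare the host that is actually contacted.
function isGenuineLoginUrl(rawUrl, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable input is never trusted
  }
  if (url.protocol !== "https:") return false; // credentials only over TLS
  // URL lowercases the host and drops any "user@" prefix from it.
  let host = url.hostname;
  if (host.endsWith(".")) host = host.slice(0, -1); // tolerate a trailing root dot
  // Exact match, or a subdomain (assumption: subdomains are trusted).
  return host === expectedHost || host.endsWith("." + expectedHost);
}

// Constructed sample addresses a user might be shown.
const SAMPLE_URLS = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session",
  "https://ismytwitterpasswordsecure.com/",
  "https://twitter.com.login.example/",      // real name used as a prefix
  "https://twitter.com@login.example/",      // real name in the userinfo part
  "https://login.example/?next=twitter.com", // real name in the query string
  "http://twitter.com/login",                // right host, no TLS
];

// URLs the weak check accepts but the strict check rejects.
function disagreements(urls) {
  return urls.filter((u) => naiveCheck(u) && !isGenuineLoginUrl(u));
}

for (const u of SAMPLE_URLS) {
  console.log(isGenuineLoginUrl(u) ? "ok    " : "reject", u);
}
```
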

Stay safe!
