
Following last month's phishing attacks on Twitter, Symantec Security Response has now detected a wave of fake Twitter invitations carrying a mass-mailing worm.
The observed messages appear to have been sent from a Twitter account; however, unlike a legitimate Twitter invitation, there is no invitation URL in the body. Instead, the user sees a .zip attachment that purportedly contains an invitation card.
Here is what the message looks like in an inbox:

And here is a sample header:
From: invitations@twitter.com
Subject: Your friend invited you to twitter!
Advice for consumers:
Check the validity of the website. If you click on a link, double-check the actual domain shown in the address bar. It is best practice to type the web address directly into your address bar rather than rely on links in a message. Be equally cautious about opening attachments in email from generic addresses (such as invitations@ mailboxes) rather than from specific contacts.
Configure a spam filter. Spam is rarely addressed to you personally, so set your filter to reroute email that is not directed to you or does not have your email address in the "To" field. Test the filter to see how much, if any, legitimate email is tagged as spam; if that happens, adjust the filter settings to allow the addresses that are being mistaken for spam to reach your inbox.
Educate yourself on secure email practices. Never fill out forms in email messages that ask for personal or financial information or passwords; legitimate companies will not ask for this type of information via email. Do not click on suspicious links in your email.
Use an email security solution. It should protect your network from spam and viruses while still allowing legitimate email through.
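The following is an added example, not Symantec's tooling or the filter configuration of any particular mail product. It applies the three indicators from this post to a raw message: the mailbox address is absent from "To"/"Cc", the sender claims to be twitter.com yet the body carries no link, and a .zip attachment contains an executable. The message it triages is constructed inline to mirror the observed lure (the spoofed From, the observed Subject, the attachment); the body text, the archive member name and the mailbox addresses are assumptions made for the example.

```python
"""Triage a raw e-mail against the indicators of the fake Twitter invitation.

Added example, not Symantec's tooling. The sample message is constructed
to mirror the observed lure: spoofed From, the observed Subject line, no
invitation link in the body, and a .zip attachment holding an executable.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# File extensions that should never arrive inside an "invitation card" archive.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js")


def build_sample_message() -> bytes:
    """Construct a message resembling the lure (constructed sample, not a capture)."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        # Placeholder bytes only; this is not a real executable.
        zf.writestr("Invitation_Card.exe", b"MZ placeholder")
    msg = EmailMessage()
    msg["From"] = "invitations@twitter.com"          # observed spoofed sender
    msg["To"] = "friends@example.net"                # assumed: not the real recipient
    msg["Subject"] = "Your friend invited you to twitter!"  # observed subject
    msg.set_content("Your friend has invited you to Twitter. "
                    "Open the attached invitation card to join.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="Invitation_Card.zip")
    return msg.as_bytes()


def triage(raw: bytes, mailbox: str) -> dict:
    """Return findings for one message delivered to `mailbox`."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Indicator 1: mass mailings are rarely addressed to the recipient personally.
    headers = [str(v) for h in ("To", "Cc") for v in msg.get_all(h, [])]
    addressed = {addr.lower() for _, addr in getaddresses(headers)}
    if mailbox.lower() not in addressed:
        findings.append("recipient-not-in-to-or-cc")

    # Indicator 2: a genuine Twitter invitation carries a link; the lure does not.
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body is not None else ""
    if from_domain == "twitter.com" and "http" not in text:
        findings.append("claims-twitter-but-no-invitation-link")

    # Indicator 3: look inside archive attachments rather than trusting the .zip name.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_content()
        if isinstance(data, bytes) and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXECUTABLE_SUFFIXES):
                        findings.append(f"archive-contains-executable:{name}:{member}")
        elif name.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"executable-attachment:{name}")

    return {"findings": findings, "verdict": "quarantine" if findings else "deliver"}


if __name__ == "__main__":
    print(triage(build_sample_message(), "alice@example.net"))
```

Run against the constructed sample for the mailbox alice@example.net, all three indicators fire and the verdict is quarantine; rerun for friends@example.net (the address actually in "To"), only the recipient check clears while the missing link and the executable inside the archive still mark the message. A real filter would also apply the sender-domain check to the envelope sender and DKIM/SPF results rather than the From header alone, which a spoofer controls.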