Avoid TwitViewer phishing: use OAuth-friendly apps

It came across my Twitter feed in the early morning, a sea of users all sending the same message: "Want to know whos stalking you on twitter!?: http://TwitViewer.net."

The site, whose domain was registered today through an Arizona proxy service, promises a photo-gallery-like display of the last 200 people that came to your Twitter page. The cost for this service? Nothing, save for your Twitter user name and password. The catch? You just gave up your Twitter authentication credentials to a site you know nothing about. Proving this point, the site automatically sends the aforementioned message through your Twitter account sans permission and auto-follows you to the Twitter accounts of any of the random photos you click on--people who you're led to believe visited your account.

Twitter itself now recommends that users who signed up for the "service" change their passwords. But it's not like this suggested scam was unavoidable in the first place. In fact, there are two large barriers between you and any scamming site on Twitter: Your brain and OAuth.

It's worth doing a little background research before you blindly toss away your primary login credentials to any Twitter-themed Internet service (or anything on the Internet, for that matter). Does the site look legitimate? Your gut feelings might be more accurate than you first think. Is what the site's offering even physically possible? I can't think of way that a third-party site, using only your Twitter login and password, would be able to track other Twitter users that have clicked on your Twitter page.

As for OAuth, this is an authentication protocol for desktop and Web applications that's designed to keep your login credentials secure from third parties. Applications that support OAuth don't ask you for your user name or password directly. Instead, they send a request to Twitter and ask it for permission to access your account.

Instead of logging into a third party to deal with this request, you sign into your Twitter account through Twitter's trusted servers as you normally would. The actual handshake for permissions takes place through Twitter. Once you've given the application access to do whatever, Twitter generates an access key for the app that can be configured based on varying levels of access or time. You control the approval process and terms, and you can even remove an application's permissions after-the-fact.

Not all desktop and Web applications currently support OAuth, but it's a far more secure method of giving third-parties access to your account than simply sending over your user name and password. If you have to do the latter, make sure that you implicitly trust the site to hold this information--and your account--in confidence. The TwitViewer situation affected even some of the more Net-savvy folk on Twitter: Don't let it happen to you!

Update 12:44 PST: TwitViewer.net is now down for the count!

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags twittersocial networkingphishing

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

David Murphy

PC World (US online)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?