Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

My email address was shared on Twitter, but who cares?

View all posts > 

My email address was shared on Twitter, but who cares?

Posted: 19 Jan 2012 02:11 AM | Elad Sharf | no comments


 

Websense Security Labs™ has found that thousands of businesses and consumers are putting themselves at risk each day by publicly revealing their email addresses on Twitter.


We conducted research on how data that might be considered private is exposed via Twitter. The research focused on shared data, in particular email addresses, that can potentially be used against the one (or the organization) that shared it. During the research we monitored Twitter over a 24 hour period and found that users were publicly sharing email addresses connected with their inboxes, social media identities, and bank accounts. This leaves them open to advanced ‘social spear phishing’ attacks and spam campaigns.


Social spear phishing sees criminals attacking harvested email addresses with information gleaned from monitoring users’ Twitter conversations.  It's recommended that businesses update all acceptable use policies to warn employees of this risk.

 

Our research found that thousands of Email addresses are publicly shared daily via Twitter:

* More than 11,000 email addresses were shared worldwide

 

 

[Research data was collected over a 24-hour period in January 2012]

 

 

Gmail, Hotmail and many other free web-based email services are particularly under threat as cyber criminals can harvest social information on individuals via Twitter to break into these accounts.

 

We realise that sometimes you need to share your email address. Here are some security tips on how to best avoid your shared data potentially being used against you:

 

• Use direct messages (DMs) for sending email addresses to contacts on Twitter

• Treat emails from friends linking you to other sites with caution

• Never use passwords that can be inferred from publicly accessible information

Since email is an often used route into a company by cybercriminals, ensure your email security has superior malware protection against modern threats  

 

 


Filed under: ,

Leave a Comment

(required)  

Email address: (required)