Recently I’ve seen a lot of otherwise sensible people trusting random websites with their twitter username and password. In exchange the user gets an number that somehow ranks them on Twitter.
As seen with the twitterrank.com app, there’s also an option to post your score to twitter, thereby getting your friends to go to the site and post theirs, so it can quickly go viral.
Now, if I was evil, it would be a trivial matter to create my own app that stores users login details and assigns a random number to their score. Hey, why not make it a high number too, to make people feel good about themselves? 
Wihin a short amount of time, you’ve got a viral phishing scam where users voluntarily give you thier passwords. A bad guy’s dream.
Sure, you might have a different password for every web app, and immediately change your password after using something lke that.. but I bet the majority of people don’t..
Latest Comments