Twitter Routing All Links Through New Anti-Phishing Service

A site more or less built around shortened links, Twitter is a veritable Candyland for Phishing scammers — a phenomenon that has really taken hold in the past year or so. But looks like the recent LOL phishing scam that ultimately became a huge spam wave has made Twitter to put some breaks on such attempts and Twitter is finally being proactive about the large number of phishing scams that have plagued the micro-blogging service in the past year.

Yesterday, Twitter introduced its own anti-phishing service that allows Twitter’s Trust and Safety team to monitor all links submitted through the service for potentially malicious attacks. The new security measures will focus on Twitter direct messages (DMs) — private tweets addressed to a specific user — and corresponding e-mail notifications. Twitter believes DMs are the primary source of Twitter-based phishing attacks, and has not yet announced any plans to extend the new service to regular Twitter messages. Part of the new feature will involve the use of Twitter’s link shortener twt.tl, which may now start popping up in some of your emails and direct messages.

In a blog post, Twitter’s director of trust and safety, Del Harvey, said that the company is deploying the service as a way to keep users safe from the increasing levels of phishing and other malicious activity on the site.

” Today, we’re launching a new service to protect users that strikes a major blow against phishing and other deceitful attacks. By routing all links submitted to Twitter through this new service, we can detect, intercept, and prevent the spread of bad links across all of Twitter. Even if a bad link is already sent out in an email notification and somebody clicks on it, we’ll be able keep that user safe. Since these attacks occur primarily on Direct Messages and email notifications about Direct Messages, this is where we have focused our initial efforts. For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and email notifications.” Harvey wrote in the blog post.

Of particular note is that, regardless of what URL shortener Twitter users use, they might end up seeing links shortened to a twt.tl domain. Does that mean that Twitter is putting the other URL shorteners out of business by creating their own? Maybe. That would be bad news for URL shorteners like bit.ly, who’ve made a business out of offering advanced analytics to uses who submit links through their website.

We’ll be watching our timelines for twt.tl links in the coming days and weeks, and more importantly, we’ll be keeping our eyes out for hackers who manage to get around the new system – because nothing is flawless when it comes to internet security.