Twitter is finally being proactive about the large number of phishing scams
that have plagued the micro-blogging service in the past year. On Wednesday,
Twitter introduced its own anti-phishing service designed to protect its users
from these types of attacks. The new security measures will focus on Twitter
direct messages (DMs) — private tweets addressed to a specific user — and
corresponding e-mail notifications. Twitter believes DMs are the primary source
of Twitter-based phishing attacks, and has not yet announced any plans to extend
the new service to regular Twitter messages.
DMs will now be routed through Twitter’s anti-phishing service to "detect,
intercept, and prevent the spread of bad links," Del Harvey, director of
Twitter’s trust and safety team, wrote in a recent blog post. After Twitter has
approved a link, it will be delivered to users via a new ‘twit.tl’ URL instead
of bit.ly, tinyURL or other link-shortening services. Twitter also claims that
if a bad link gets through to a user via e-mail, the company would still "be
able to keep that user safe."