Email Addresses Harvested From Twitter by Spammers

A new search technique allows spammers to harvest valid email addresses from Twitter users in real time.

Twitter seems to be an obvious target for spammers. The new search technique that spammers use to gather large volumes of valid email addresses from Twitter users is nothing complex. It is a simple process in which the spammers use the search terms “email me at” and “contact me at” in combination with a domain that the spammer chooses.

Why would spammers want to steal Twitter users’ email addresses?

Spammers use the email addresses from Twitter users because they are valid and/or confirmed as working email addresses. This means the spammers are able to send out their malicious email messages to these harvested email addresses without any roadblocks. Most of the Twitter users whose email addresses were harvested have active email addresses. The Twitter users are not aware that their email addresses will be indexed by public search engines. This allows the spammers to easily collect multiple valid email addresses from Twitter.

Email harvesting is not a new thing. It has been around since the early days of the internet and email. It has changed since then, and the hackers who use it to their advantage have changed the way they collect working or active email addresses. In the past, they have used worms and various scripts to do the dirty work for them. In the case of Twitter, the TOS agreement actually states that any information you post or list on your profile is your sole responsibility. Does that include your email address? It looks like it does, because spammers are able to collect or harvest the email addresses of multiple Twitter users through a search.

What can Twitter do to put a stop to this? They could start by giving users the option to either list their email address or not.

Do you use Twitter? Do you fear that your email address could be taken from Twitter and used to send spam messages?