Why “Don’t” Means “Do” For So Many Internet Users?

Svetlana Gladkova


There’s quite an interesting Twitter hack being discussed today: “Don’t click” links that suddenly arrived in multiple Twitter accounts from the people they follow. Basically, the hack involved updating a user’s status with a link that, when clicked, brought the user to a site using the so-called clickjacking technique.

The technique is a known vulnerability that tricks a website visitor into doing things they do not really want to do, without realizing they are doing them. In this case people were tricked into sending the links as tweets, so that more and more people updated their Twitter statuses with the same links, which did no harm but drew more and more Twitter users into the entire process.

Fortunately, the Twitter team has been pretty good at fixing the problem right away: they reported that the clickjacking technique has already been blocked with an update. There is nothing really surprising about this entire situation: Twitter has become popular enough to be exploited in every way cybercriminals are smart enough to invent. For example, we have already seen viruses distributed to people who clicked links posted by a certain Twitter account.
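How a site can refuse to be drawn inside another page's frame, which is the usual way a clickjacking page hides a real button under a lure, shown as an added example that is not from the original post and is not Twitter's actual fix (the post does not say how Twitter blocked it). It evaluates the standard `X-Frame-Options` and CSP `frame-ancestors` response headers; the origins and sample responses are constructed.

```javascript
// Added example. Header names are standard; origins and responses are constructed.
const SELF = "https://social.example";   // hypothetical site being protected
const OTHER = "https://lure.example";    // hypothetical third-party page

function frameAncestors(csp) {
  // Return the frame-ancestors source list, or null when the directive is absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function sourceMatches(source, embedder, self) {
  // Simplification: handles *, 'self' and exact origins (no host wildcards).
  const s = source.toLowerCase();
  if (s === "*") return true;
  if (s === "'self'") return embedder === self;
  return s === embedder;
}

function canBeFramedBy(headers, embedder, self) {
  // Simplification: checks only the immediate embedder, not every ancestor.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present it is enforced and X-Frame-Options is ignored.
    return sources.some((s) => sourceMatches(s, embedder, self));
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedder === self;
  return true; // header missing or unrecognised: nothing stops the framing
}

// Constructed sample responses for a page that posts a status update.
const SAMPLES = {
  unprotected: { "Content-Type": "text/html" },
  xfoDeny: { "X-Frame-Options": "DENY" },
  xfoSameOrigin: { "x-frame-options": "sameorigin" },
  cspNone: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  cspOverridesXfo: { "X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *" },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, "framable by", OTHER, "->", canBeFramedBy(headers, OTHER, SELF));
}
```

The last sample is the case worth auditing for: a permissive `frame-ancestors` silently cancels an otherwise strict `X-Frame-Options: DENY`.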

And of course Twitter spammers are nothing extraordinary, with people trying to sell basically everything via their Twitter accounts. I have actually seen a job advertised on Odesk for a “Twitter maniac” who would follow thousands of people based on a number of criteria and unfollow them right away, so abusing Twitter is obviously growing into a serious industry of its own.

And while the Twitter team is doing a pretty good job of suspending accounts practicing some peculiar activities, the problem remains, as spammers and cybercriminals will always find a way to abuse a tool if they like it enough. But anyway, I don’t think there’s anything extraordinary here: like any tool with enough power, Twitter will be used for both good and bad things, and cybercriminals will obviously follow their victims wherever we are.

But in this particular case of the recent hack, the irony is in the “Don’t click” prefix that every link sent by Twitter users affected by this hack had. Of course it looked like the link was posted by someone you knew, and you thought it was a joke or an extra teaser, so the first thing people did when they saw the instruction not to click the link was to click it right away.

In fact, I remember I once had to post a couple of links with “Ignore this link” when testing JigTweets for Profy (this is a cute little application that allows you to post just about anything as a tweet). And I remember I was very surprised to receive way more replies than a usual update of my Twitter status gets from my followers. People basically admitted that they could not resist clicking the link I asked to ignore. I remember even thinking at the time that when I update my Twitter stream with a new post I should use “Ignore this” instead of the usual “New post” as this would have boosted the number of people actually clicking and reading the posts.

The cybercriminals are very clever people who certainly understand the psychology of an internet user well enough to know that we are certain to click a link when we are told not to, while the chances of not clicking a link when we are actually encouraged to click are much higher. And this understanding was exactly how they got so many people on Twitter to help them distribute the links.

Of course this time it was basically harmless: you just helped distribute some innocent links that did not hurt anyone and did not infect computers with malware. But I guess everyone has already had the experience of fighting a virus on a computer, spending quite a few hours figuring out how to remove some piece of malicious code from the machine and keep all the documents and information safe and undamaged.

After you spend a couple of days fighting viruses, you usually become more concerned with your overall safety and try to live and work according to a set of simple rules that will generally make your computer a safer place. These rules usually include never clicking suspicious links in emails, never opening files if you are not sure where they originated, and using protection software, of course.

But have we not heard enough stories about how dangerous the internet can be? Have we not had our computers infected with Trojans that knew how to steal our precious financial information from our hard drives? I have a feeling that everyone must have already been affected or at least heard terrible news about the malicious ways cybercriminals now use to hurt your computer everywhere they can reach you, even in safe harbors like your favorite social networks.

So why do we still ignore the basic rules of ensuring our own safety when we browse the web? Why do we click links that read “don’t click” if we never open files we get from suspicious sources? Why do we behave like 3-5 year old children who willingly keep doing only what they are told not to do and avoid doing what they are encouraged to do? Unfortunately I don’t have any answer here, but I have a feeling that we should try to grow up a little so as not to feel ashamed about helping hackers after falling into a trap like this one.