Twitter Squatting – The New Domain Jacking?


It seems the latest target for spammers, opportunists and those into Domain Squatting is the registration of interesting or possibly valuable Twitter usernames.

Twitter has exploded recently as a new ‘micro-blogging’ platform and it works really well, especially when combined with more traditional blogging and the host of tools that have been build around Twitter to enable you to find tweets about specific topics or events easily.

Now Twitter has created a new supply of valuable “names”: Twitter IDs. They take the form of twitter.com/stiennon for instance. Have you signed up for your free Twitter ID? Do you own your surname? Company name? Brand identity?

Is there evidence of Twitter squatting (squitting?) Let’s check. Yup, every single-letter TwitID is taken. Some are legitimate (Check out “S” for instance, that is a cool personal email assistant service) but X, Y, and Z are place holders. How about common words? Garage, wow, war, warcraft, Crisco, Coke, Pepsi, Nike, and Chevrolet are all taken. My guess is that Twitter squatters have grabbed all of these in the hopes that they will be worth selling in the not too distant future. Of course the legitimate holders of brands can sue for them and Twitter can just turn them over if asked. But, because the investment and risk for the squatter is zero, you are going to see the rapid evaporation of available Twitter IDs.

I wonder if this will be the next lucrative business, people registered thousands of Twitter usernames and speculating with them.

Imagine if your name or company name is taken, it’s gonna be cheaper than litigation to get it back to just pay the guy a few hundred or a few thousand dollars. If you haven’t gotten a Twitter ID yet I suggest you bag your name now before someone else does.

How to protect your own brand? Immediately go to Twitter.com and determine if your name is available. Get it while you can. While you are at it, reserve all of the names associated with your brand. You may decide that any domain you have invested in should have its Twitter ID. It is the domain name squatters who will jump on this new land grab first after all. Reserving multiple Twitter IDs is easy. Twitter attempts to limit reservations by requiring a unique email address for each sign-up. That is circumvented by using the Google “plus sign” email trick. Simply append something (your new Twitter ID for instance) to your Google email address like stiennon+itharvest@gmail.com. Gmail treats that as stiennon@gmail.com but Twitter thinks it is unique. I expect Twitter to fix this flaw shortly. They may even require email confirmation.

So go and get registering, especially if you have anything to do with the online presence of a real business – go and register the business name and derivatives now. You could save yourself some money when later the CTO or CEO thinks blogging and Twittering may really boost your brand equity.

Who knows? Better safe than sorry right.

Source: Network World

Posted in: Phishing, Spammers & Scammers

, , ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


3 Responses to Twitter Squatting – The New Domain Jacking?

  1. Pantagruel November 5, 2008 at 11:25 am #

    Squatting in general is lame, be it domainname or blogID squatting.
    Instead of getting a real job they just want to get some fast money by extorting a big company.

  2. navin November 5, 2008 at 12:58 pm #

    but it works…tht’s the point!!

    just think how much a domain name like linux.com or microsoft.com would be worth at the time of the company start

    and what they’re worth now!! :)

  3. Armen Shirvanian November 20, 2008 at 6:15 pm #

    The good names on up-and-coming services do tend to become unavailable quite quickly. One that has been successful in acquiring names that became in-demand would be motivated to look to the next new service they could build up a set of names in as well. A person can build up a reasonably-sized collection of names, and then wait for people to show interest before capitalizing on them.