Archive for January, 2009

A Brief Overview of Phishing and Spoofing

Tuesday, January 6th, 2009

Many people worry about hackers trying to break in and compromise their computer systems. But some people use an easier method to try to gain your personal information, such as your login ID and password: They ask you for it!

Of course, they do this through trickery. Most frequently, you’ll see this in the form of an eMail from a recognized source asking you to click a link to login to your account because of “new security measures” or some such thing.

Often, these are easy to spot because the message will be in poorly written English. Sometimes, they’re even easier to spot because they’ll supposedly be from a bank you don’t actually have an account with. Naturally, the scammers are sending out millions of such eMails, knowing that a good percentage of people will have an account at that bank and may fall for their scheme.

Emails purportedly from PayPal, an online payment service, are also common.

The eMails will typically have links that look legitimate. However, if you look at the source code of the eMail, you’ll see that the actual URL is not the same as the URL that appears. Sometimes, they may use something confusingly similar, such as using a common misspelling or a deceptive variation of the real URL. For example, imagine a bank is called “First Money Bank” and has a URL of firstmoneybank.dom. The phisher may use URLs such as these: firstmoneybank.phishersite.dom, first.moneybank.dom, firstmoneybank-online.dom, phishersite.dom/firstmoneybank.com, and so on.

They may not even be that sophisticated. They may set firstmoneybank.dom as the display URL, but the actual URL may not even be a domain name, but just a direct link to the phisher’s website using an IP address, like http://256.256.256.256/login.php.

Or, here’s another trick. Try to guess where the link will take you before you click it:
http://www.google.com@%64%63%72%62%6c%6f%67%73.%63%6f%6d
(Please note that this link may not work with some browsers and systems.)

Deceptive, isn’t it? If the link worked on your computer, it should have brought you right back to my blog, and not Google.
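The checks described above (displayed URL versus actual URL, look-alike domains, a bare IP address, and the `@` trick) can be automated; the following is an added example, not code from this blog. The warning labels, the `TRUSTED` setting and the sample message are constructed for illustration, and the links in it reuse the article's own examples.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

TRUSTED = "firstmoneybank.dom"  # the article's fictional bank domain

# Constructed sample e-mail body; the links reuse the article's own examples.
SAMPLE_EMAIL = """
<p>New security measures require you to log in to your account:</p>
<a href="http://256.256.256.256/login.php">firstmoneybank.dom</a>
<a href="http://firstmoneybank.phishersite.dom/">Log in</a>
<a href="http://www.google.com@%64%63%72%62%6c%6f%67%73.%63%6f%6d">Google</a>
<a href="https://www.firstmoneybank.dom/help">www.firstmoneybank.dom</a>
"""

URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
DOTTED_QUAD = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def split_host(url):
    """Return (userinfo, raw host, decoded host, path) for a URL or bare domain."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    raw = parts.hostname or ""
    return parts.username, raw, unquote(raw).lower().rstrip("."), parts.path


def is_trusted(host, trusted=TRUSTED):
    """True only for the trusted domain itself or a subdomain of it."""
    return host == trusted or host.endswith("." + trusted)


def analyze_link(href, text, trusted=TRUSTED):
    """Return (host the browser would contact, list of warning labels)."""
    userinfo, raw, host, path = split_host(href)
    findings = []
    if userinfo is not None:          # everything before '@' is a user name
        findings.append("userinfo-before-@")
    if "%" in raw:                    # host hidden behind %xx escapes
        findings.append("percent-encoded-host")
    if DOTTED_QUAD.fullmatch(host):   # numeric host instead of a domain name
        findings.append("ip-address-host")
    # Visible text that looks like a URL must name the same host as the href.
    if URLISH.fullmatch(text) and split_host(text)[2] != host:
        findings.append("display-mismatch")
    # Bank name used in a subdomain, a hyphenated name, a split label or the path.
    brand = trusted.split(".")[0]
    squashed = re.sub(r"[^a-z0-9]", "", (host + path).lower())
    if brand in squashed and not is_trusted(host, trusted):
        findings.append("brand-lookalike")
    return host, findings


def analyze_email(html, trusted=TRUSTED):
    """Analyze every link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(html)
    return [analyze_link(href, text, trusted) for href, text in collector.links]


if __name__ == "__main__":
    for host, findings in analyze_email(SAMPLE_EMAIL):
        print(f"{host:32} {', '.join(findings) or 'no findings'}")
```

A clean result only means none of these particular tricks was used; it does not show that the destination is safe.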

Of course, you don’t want to follow the link. But, if you did, you would most likely be taken to a site that looks very much like the site it is pretending to be. The phishers will generally duplicate it as closely as possible, perhaps even going so far as to grab the source code and images from the actual site and putting them up on their site.

If you login to the site, you will have given your login and password to the phishers, and they can then log into your account and transfer your money to their own accounts.

Some may even take things a step further and pass your login and password on to your actual account and take you to it. If that happens, you may have no idea that you’ve just been phished. You’ll have gotten where you expected to go, and the phisher will have grabbed your details. As such, you may not think anything unusual has happened and not think to change your password.

How to Spot a Phishing Message or eMail

As mentioned previously, a phishing eMail may appear to come from a legitimate source, such as your bank or maybe even a friend. (Spam messages will commonly use the same trick as well.) The phisher wants you to believe that the message came from someone or some business or organization that you trust. As such, you may let your guard down a little.

Of course, it may be easier to spot those that appear to be coming from a friend, because you may recognize that the message doesn’t quite match the manner in which your friend usually writes you. For example, perhaps they write in ALL CAPS, miXed StYleS, all lower case, and the phishing message isn’t written that way. Perhaps your friend is a good speller and the phisher is not, or vice versa. So, be mindful of messages that appear to be odd. Don’t be afraid to contact your friend directly to see if they sent you the message, instead of clicking any links to check them out.

Sometimes, too, the message may appear to come from a bank or other professional business, but the language is a little clunky. Generally, an oddly worded message is going to be a phishing message or spam. Most businesses, like your bank, will have professional-sounding letters. So, if it sounds odd, it may not be legitimate!

Of course, even if a message is very professional looking and properly composed, that doesn’t mean that it isn’t a phishing message. At any rate, most financial institutions aren’t going to ask you for personal information in an eMail.

Additionally, your professional contacts, such as your bank, will know your name! If a message purportedly from your financial institution doesn’t address you by name, be suspicious! Of course, be aware that, if they do mention you by name, it could still be a phishing attempt, because your name may have been harvested along with your eMail address.

Commonly, these messages will also try to generate a sense of urgency, trying to catch you off guard by putting you into the “I’ve got to take care of this NOW!” mentality, which may cause you to make rash judgments and login to a spoofed website, thus spilling your private account details. They may tell you about “new security measures” that require you to verify your account details, or they may suggest that someone tried to access your account from a foreign IP address and that you need to login to reactivate your account, or some huge amount of money for a product you didn’t order is going to be charged to your credit card if you don’t login and cancel the purchase. These are but a few examples, and you’ll no doubt see dozens more variations.

If you’re not sure if a message is a phishing message or not, and are worried about your account, you can call or contact the purported institution directly using contact information you already have on file, such as your credit card or bank statement, to inquire about it. Do not trust any contact information provided in the eMail!

How to Avoid Getting Phished

First, if there is any kind of form in the eMail, do not fill it out and submit it!

At this point, it’s a good idea to mention that there could be cases where a business or organization you deal with may have a good reason to send you a form you need to fill out and return to them. But, in the vast majority of those cases, you’ll likely have had some previous contact with them and may have been expecting the form. And, if you haven’t, you can always contact them to make sure they really did send it. Just be careful in case a phishing eMail arrives at the same time you’re expecting something legitimate!

If there is a link provided in the eMail, do not click it! If you want to check your account, go to your browser and type in the URL yourself. Don’t trust the link from the eMail!

If the eMail is from a phisher, clicking the link will take you to a spoofed website. It will be a site that is designed to look exactly like the site you were expecting to go to. But, when you go to login or enter other personal details, you’ll be handing over your data to the phisher.

Unfortunately, simply closing the website and not entering any information may not be sufficient to protect you! Some phishers are resorting to additional tactics, which may include spyware or malware. These may be transferred to your computer when you visit the spoofed website. Then, the next time you log onto your bank’s website or any other website the phisher was after, the spyware may record your keystrokes and send them to the phisher. Or, the malware may redirect you to a spoofed website rather than the real thing, and steal your information when you login to that fake website.

The risk of spyware, malware, trojans or viruses getting on your computer when you visit an unknown website is a good reason why you shouldn’t click on links in your eMail. Bottom line is, if you’re not certain a link is “clean,” don’t visit the site until you have authenticated the sender!

Other Tricks

Mind you, supposed urgent messages from your financial institution aren’t the only method phishers may employ to try to get your private information. Other tactics may be to try to appeal to your ego or maybe even your baser desires.

For example, you may receive a message informing you that someone has written something bad about you or your business on such-and-such website, and that you need to see it! If you go to the site, you may be asked to join (for a fee) their website before you can view the message (which may not even exist once you sign in, or may be some message written by the scammer themselves).

Or, you may get a message from a “hot” or “horny” girl in your area that wants to “hook up.” And, if you go to their website, you’ll be asked to join (for a fee) their website before you can contact the girl (who likely doesn’t exist).

Or, messages may promise free gadgets, celebrity nude photos, money, grants, discreet single women in your area, free checking accounts, naked webcam girls, credit reports, reunions, and so on. Mind you, some of these are just spam trying to get you to buy stuff and some may be scams. But, others may be attempts to get you to visit a site so that the site can place malware on your computer. Then, as mentioned above, when you login to certain websites or enter personal data somewhere, the malware may send all that information to the phisher.

In this case, it’s also important to note that, in some of these cases, you may reach a site that delivers what was promised, such as nude photos or whatever you were after. Because it may deliver on its promise, you may become less skeptical of it, and thus be completely unaware that the site may have secretly installed a piece of malware on your computer! Also, be aware of such sites that may ask you to download special viewing software to see the videos or photos or other content you were promised. These trojans may have malicious code that will spy on you as mentioned above.

In a sense, to paraphrase Forrest Gump, links are like a box of chocolates; you never know what you’re going to get!

Staying Safe

The best thing is to avoid visiting unknown sites. Of course, that’s not always easy to do. It’s pretty much counter to everything the Internet is intended to be! On top of avoiding “bad” sites, you also need to be aware that legitimate sites you visit could be hacked, and that phishers and other scoundrels may be using those sites to install harmful malware on your computer!

The only way to stay completely safe is to disconnect your computer from the Internet and never transfer any files to it from any outside source. Of course, the very reason many people use computers is to do those things, so for the majority of people, that kind of 100% security is going to be an unreachable goal.

Your best protection is to make sure you keep your system and browser up to date with all the latest security patches and upgrades. Also, having a firewall will be good additional protection. And, having a good anti-virus and spyware/adware/malware protection software will be a good idea as well.

Texas Buckeye Brisket

Monday, January 5th, 2009

This is my recipe, for whatever that may be worth. I’m calling it “Texas Buckeye Brisket” because it’s kind of a mixture of Texas and midwestern brisket recipes, plus my own ideas tossed in. It’s pretty simple, really.

Anyway, before the whole Twitter phishing mess, I had asked my followers on Saturday for any suggestions for a good brisket recipe.

I got recipe links and suggestions from @Vicki_Kunkel, @awakeinroch, @ReikiAwakening, @stephenfung, @PamperedMommy and @RoyalDook.

Anyway, I wound up mixing and matching ideas to come up with my own recipe.

Ingredients:
Brisket (I used 1 lb.)
Coca-Cola (about 6 oz.)
Salt (to taste)
Black Pepper (to taste)
Liquid Smoke (splash the brisket real good)
Dried Tarragon (tablespoon or two?)
Thinly Sliced Garlic (I used two large cloves)
Sliced Onion (enough to cover the brisket in a single layer of slices)
Sliced Carrot (just sliced some up and toss ‘em in)
Celery Seed (no idea, maybe a couple teaspoons)
Steak Sauce (enough to cover the brisket)

Directions:
I used a roasting pan and lined the inside with aluminum foil for easy clean-up. I poured about 6 oz. of Coca-Cola on the bottom of the pan. The brisket fit nicely in the pan; it was just the right size.

I placed the brisket in the pan. I seasoned it with a little salt and pepper. Then, I splashed it with some liquid smoke. After that, I added some tarragon. This would be a good time to add the celery seed too, though I didn’t. And, it would have made more sense to splash the brisket with the liquid smoke first before adding the seasonings so that they wouldn’t get washed off. I was careful though.

Next, I added the garlic slices. On top of that went the onions, then the carrots. And then I added the celery seed but, as I mentioned, you should probably do that earlier.

After all that, I poured steak sauce over the top of the brisket and vegetables. I used A-1 Steak Sauce, but you can, of course, use your preferred type.

Then, I covered the roasting pan and placed it in a preheated oven at 300°F.

Cook until done.

I had a one pound brisket and cooked for about 3 hours. No, I don’t have any detailed measurements of anything, aside from the brisket and Coke, which I only know because I used about half a 12 oz. bottle.

Anyway, it was very good.

Twitter Phishing

Sunday, January 4th, 2009

There has been a phishing scheme running around on Twitter this weekend. But, so far, it’s a relatively easy one to avoid becoming a victim of. Here are some tips on the phishing mess.

(For more details, you can check @CXI’s blog. He even set up a test account on Twitter to see what the phishers were up to.)

First, it is okay to check your DMs on Twitter. You don’t need to be afraid to check them. But, be careful about any links in messages from others, even if you know them. You won’t be affected by the scam just by reading your DMs.

If you click a link, DON’T PANIC! So far, there have been no reports of spyware, malware or viruses getting installed as a result of visiting the phishing site. If you’re concerned, you can run your anti-virus or anti-spyware/malware software to check your system out.

But, after clicking the link, it may appear as though you’ve been booted off Twitter and are being asked to login. DO NOT LOGIN! Look at the URL in the URL bar at the top of your browser. If it is not “http://www.twitter.com” or “http://twitter.com”, it is likely a phishing site. (See UPDATE VI below.) You do not want to give them your password. Just manually type in Twitter’s URL in your URL bar to return to Twitter.

As a precaution, you may also want to go into your browser and delete any cookies the phishing site may have sent.

If you’re not sure if you’ve logged into a phishing site (perhaps earlier, before you had heard about it), you might want to take the extra precaution of changing your Twitter password.

If you’re still really feeling uneasy, you can also run your anti-viral or anti-spyware software just to confirm you didn’t get hit with anything.

Please also be aware that the person (or persons) that sent you the phishing URLs may not be the actual scammer. Most likely, they were a victim and the phisher got their password and is now using their account to send more of the phishing DMs.

If you receive a phishing DM from someone, it’s probably a good idea to DM them back (or send an @reply if you can’t send them a DM) to let them know their account has been compromised and that they should change their password. This is the DM I send people:

Were you a phishing scam victim? http://bit.ly/HREm Might be a good idea to change your Twitter password!

The URL takes them to a site that tells them about the phishing scheme.

The URLs that have been used for the phishing sites have been blogspot.com URLs. They were set up to redirect to another site, which puts up a screen that looks like Twitter’s login page. The plan is that people will think they were knocked out of Twitter and log back in. When they do, they are taken back to the real Twitter site, so the victim may be totally unaware that they just gave their password to the phisher.

It’s important to note that not all blogspot.com URLs are phishing sites. I’ve seen people warning others not to open any blogspot.com URLs. But, there are plenty of legitimate blogs that have blogspot.com URLs. So, you don’t need to be concerned about blogspot.com URLs in general, just specific ones. And, even if you end up at the phishing site, as mentioned above, you should be okay so long as you don’t login on the fake Twitter site.

For people using OpenDNS or Firefox 3, it appears that both of those are now blocking the phishing site. But, still be careful out there.

The short of it is that you should be careful, but don’t become irrational over the phishing attack.

UPDATE:
Here are the known URLs of the phishing attack:
http://jannawalitax.blogspot.com/
http://twitterblog.access-logins.com/login
http://rosalierebyb.blogspot.com/

If a tweet or DM asks you to visit one of those sites, don’t.

Also, here is the known text of the phishing messages:

“hey! check out this funny blog about you…
http://jannawalitax.blogspot.com/”

“Hey, i found a website with your pic on it… LOL check it out here http://twitterblog.access-logins.com/login”

“hey look at this funny blog http://rosalierebyb.blogspot.com/”

I have not made the URLs clickable, but I am showing the messages and URLs in their entirety so you know what to look out for. Also, I am not identifying the senders, as the senders are likely victims and not the actual scammers.

UPDATE II: How to Report Phishing Sites

PhishTank

For Windows Internet Explorer 7 users

How to Report a Phishing Site to Google

How to Report a Phishing Site to Yahoo

UPDATE III: Info from Twitter

Here is Twitter’s blog post about the phishing scheme. Here is the link to the Twitter blog itself.

UPDATE IV:

Found this post (by way of multiple people tweeting it) on How to Protect Your Twitter Account from Scammers. Good info with pictures.

UPDATE V: New DM Text

A new phishing DM is going out. This is how it reads:

“fixed it.. hehe here is that blog i wanted to show you http://twitterblogs.access-logins.com/login”

UPDATE VI: URL Masking
As Robin indicated in the comments, it is possible for a site to mask the URL so that the URL in your URL bar will appear to be the correct URL. Fortunately, that has not happened in this current phishing attack, but it is something to be aware of, especially seeing how the phishers have been continuing to morph their scheme. The best defense is to manually enter the URL of the site you want to visit.

UPDATE VII: New DM Text

Another new phishing DM is going out. This is how it reads:

“heyy!!! i want u to see my blog!! http://blogtwitter.access-logins/login”

UPDATE VIII: Twitter Phishing Scheme is Not a Virus

Judging by a lot of the tweets out there, some people are confusing the Twitter phishing scheme with a virus. As of this writing, I have not heard of anyone getting a computer virus from the phishing site. Just because people you know might be sending you DMs with the phishing site URLs does not mean that they have been infected by a virus. Let me explain how this appears to work.

Yesterday, some phishing messages went out. I don’t know who the originator was. Anyway, these phishing messages directed people to another site. As far as I know, the first site was the jannawalitax.blogspot.com URL. If you went to that site, it redirected you to a page that looked like the Twitter login page. This tricked some people into thinking that they had been booted out of Twitter, so they logged back in.

When they did that, the phisher had their user ID and password, so they could access the user’s account.

Apparently, they turned around and used those accounts to send more DMs directing more people to fake Twitter login pages, from which they no doubt collected more user IDs and passwords.

They may not have even used all the user IDs and passwords they’ve collected yet, so this has the potential to continue for days.

That’s why it’s a good idea to change your Twitter password if you logged into a fake Twitter page. If you’re not sure, you might also want to change your Twitter password. Just because none of your followers have received phishing DMs from you doesn’t mean that the phishers aren’t waiting until some future time to use your account to send them.

Of course, if you didn’t log into the fake Twitter page, at this point there is no reason for you to be alarmed.

Because the phishers are using the victim’s account details (user ID and password) to send these DMs doesn’t make this a virus. There is no evidence thus far of any virus being spread as a result. This is nothing more than the phishers using people’s passwords to gain access to their accounts and send DMs from them. Ergo, not a virus!

UPDATE IX: New DM Text

Yet another new phishing DM is going out. This is how it reads:

“Check out this blog type website. you need to see it.. http://bloggertwit.access-logins.com/login”
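The URLs in the updates above fall into two patterns: individual blogs on blogspot.com, which is shared hosting, and a rotating set of subdomains under access-logins.com. The following added example (not from the original post) triages DM text accordingly, matching blogspot hosts exactly and access-logins.com by parent domain, and includes the login-page host check described earlier; the label names and the two constructed DMs are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from this post's updates.
EXACT_HOSTS = {"jannawalitax.blogspot.com", "rosalierebyb.blogspot.com"}
# Every access-logins.com link seen used a different subdomain, so block the
# parent domain. blogspot.com is NOT listed here: most of its blogs are fine.
PHISH_DOMAINS = {"access-logins.com"}
# Hosts the post names as the real Twitter site.
LOGIN_HOSTS = {"twitter.com", "www.twitter.com"}

URL_RE = re.compile(r"https?://[^\s\"“”]+", re.I)

SAMPLE_DMS = [
    # Quoted in this post:
    "hey! check out this funny blog about you… http://jannawalitax.blogspot.com/",
    "fixed it.. hehe here is that blog i wanted to show you "
    "http://twitterblogs.access-logins.com/login",
    "Check out this blog type website. you need to see it.. "
    "http://bloggertwit.access-logins.com/login",
    # Constructed for this example:
    "new recipe is up http://constructed-example.blogspot.com/",
    "see http://notaccess-logins.com/login",
]


def host_of(url):
    """Lower-cased host name of a URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def classify_host(host):
    """Label a host against the indicator lists above."""
    if host in EXACT_HOSTS:
        return "known-phish-host"
    # Require a dot boundary so 'notaccess-logins.com' does not match.
    if any(host == d or host.endswith("." + d) for d in PHISH_DOMAINS):
        return "known-phish-domain"
    return "unlisted"


def triage_dm(text):
    """Return (host, label) for every URL found in a DM."""
    return [(host_of(u), classify_host(host_of(u))) for u in URL_RE.findall(text)]


def is_real_login_host(url):
    """True only if the page asking for a password is on Twitter's own host."""
    return host_of(url) in LOGIN_HOSTS


if __name__ == "__main__":
    for dm in SAMPLE_DMS:
        print(triage_dm(dm))
    print(is_real_login_host("http://twitterblog.access-logins.com/login"))
```

"unlisted" means only that the host is not among the indicators collected here; new hosts kept appearing throughout the weekend.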

UPDATE X: Receiving Phishing DMs Not a Problem on Your End

If you receive a phishing DM, that does not mean that your account has been compromised. It means that the phisher got the password of the person sending it. Changing your password isn’t going to stop the DMs coming to you. Just delete the DM and move on. As suggested above, you might want to send a message to the person whose account sent the DM to let them know they’ve been affected and should change their password.

UPDATE XI: If Affected, Change Passwords on Accounts Using the Same Password

A good point from @CXI. If you were a victim of the phishing scam and have other accounts which use the same password, especially if they have the same user ID or a publicly known user ID, it’s a good idea to change that password on those other accounts as well so that the phishers can’t access them too.

UPDATE XII: This May Be What It was All About!

I’m seeing these new variants coming from affected accounts. Some I know to be affected because previous DMs sent the phishing messages. Others I assume to be affected.

“Wanna win the new iPhone? It’s so easy and cool, I love this thing! Visit: http://iphonewinner.info”

“Hey! I just got a FREE iphone from this website.. here http://helloiphones.com”

If you go to the site, you will be presented with a seemingly harmless series of questions. First, it asks for your gender. Next, it asks for your cell phone carrier to see if you are “eligible.” After that, it asks for your phone number.

In fine print, there is mention of a $9.99/mo. service. I am guessing that, by entering your phone number, you will be signing up for that service.

My guess is that’s what this whole thing may have been about. Twitter is heavily used by mobile users, so what better way than to try to trick them into signing up for a service than by luring them in with a “free” iPhone?

I would not enter your phone number into that site. I wouldn’t bother with it at all! Just delete the DMs and stay away!

UPDATE XIII: Free iPhone Offer Site May Not Be the Phisher

As mentioned in the previous update, the last known round of the phishing URLs were links to sites like iphonewinner.info and helloiphones.com. If you visit those sites, you get redirected to a site with the iPhone offer.

Something I didn’t notice until later is that, somewhere along the line, cookies are set in your browser. These appear to be affiliate cookies of some sort.

So, it’s possible that the phisher is an affiliate of the iPhone offer site, and that the site itself is not to blame. It may be a legitimate site.

If that’s the case, it should be relatively easy for the iPhone offer site to track down which affiliate of theirs is the phisher and (hopefully!) cancel their account and make sure the phishers don’t get any financial benefit from the scheme.

It appears as though the phisher’s plan may have been to collect user IDs and passwords so that, in the final round of DMs, the DMs would appear as though they were coming from one of your friends telling you they got a free iPhone. That could increase the likelihood of you signing up with the site, since a friend getting a free iPhone kind of mitigates the notion that the offer was “too good to be true.” Thus, that would increase the conversion rate, potentially putting more money into the pockets of the phishers.

Of course, it is also possible that the iPhone offer site is run by the phishers. I don’t know for certain, but we shouldn’t jump to that conclusion just because the phishers forwarded to that site. As I mentioned, the phishers could have been affiliates and were using the whole scheme to try to earn money through an affiliate program. We just don’t know for sure.

The bad thing, of course, is that if this iPhone offer site is a legitimate site, they could be suffering as a result now, because people will avoid them, thinking they are phishers.

UPDATE XIV: Was It a Success?

If the iPhone offer site is not run by the phishers, and they were set up as affiliates, there’s the possibility that the phishers may not benefit at all, if the iPhone offer site cuts them off. (Assuming, of course, that the affiliate program doesn’t offer an instant affiliate payment of some kind.)

If the iPhone offer site is run by the phishers, there is a good chance that they made some money off the deal. While it is likely that many people will notice the fee being charged to their phone bill, and either cancel or dispute it, it remains likely that some people wouldn’t notice for quite a while.

Some people were of the opinion that trying something like this on a social networking site wasn’t a good idea, because of how quickly the warnings could be sent to people. But, even this morning, there are people seemingly unaware of the phishing scheme. Even yesterday, in the midst of all the heavy tweeting and retweeting of warnings, there were still people tweeting their friends asking why they sent them a bad link.

So, it is possible for a scheme like this to achieve some success on a social network. Let’s say that out of the thousands and thousands of people on Twitter, only 500 people ended up getting signed up for that $9.99/mo. service. (I’m just using the $9.99/mo. as the example; there were varying rates for various carriers.) That’s $4,995. Or, if it was an affiliate program (and the phishers didn’t get caught) with, for example, a 10% referral fee, that’s still $499. That’s not bad for two days’ work, especially in parts of the world where a dollar may go farther.

This illustrates several things about Twitter:

1) Not everyone is on 24/7. So, just because one round of warnings gets sent out doesn’t mean that everyone will see them. Some people got annoyed with all the warnings, but, if only one warning is sent out, that can be quickly lost in the Twitter stream.

2) All your followers don’t read all your tweets. You’d tweet a warning, even see it get retweeted, and still there would be people tweeting, asking about what’s going on.

3) Some people stay on their Replies page, so they won’t see general tweets.

That’s all common sense stuff, but also the reason why, in such a situation, multiple warnings may need to be sent out. Otherwise, and even still, people are apt to miss them.

Better yet is if people are educated about these things. Some people put up blog pages listing all the people they received DMs from. I don’t think that such a “Wall of Shame” is really necessary. Most, if not all, of those people will have been victims of the phishing attack. Why make matters worse for them by publicly identifying them? Send them a DM or an eMail. If you can’t do either of those, then, as a last resort, use an @reply to try to let them know.

Rather than call out the senders, it is better to let people know what to watch out for, by identifying the type of message being sent as well as the URLs those messages will direct them to.

Since the senders, the messages and the URLs are all subject to change, the best bet is to simply inform people of what to be on the lookout for in general. Phishing is here to stay, and simply waiting a few days for things to “settle down” isn’t going to change that. You will continue to get phishing messages in your eMail and, now, in your Twitter stream or DMs too.

Don’t rely on other people to warn you about a phishing scam! Learn what to watch out for!

UPDATE XV: Twitter Hacked Too

Twitter was apparently hacked into as well. Some high profile accounts were compromised. The problem has apparently been remedied, but no further details have yet been posted. Here is Twitter’s blog entry on the hacking. (Thanks to @KrisColvin for the tip!)

They recommend changing your password as a precaution. Even if you didn’t fall victim to the phishing scam, if Twitter itself was hacked, your account could be at risk too. So, do change your password as a precaution. This, unlike some of the mass hysteria yesterday regarding changing your password, is good advice. I am changing mine.

UPDATE XVI: Details from Twitter

Twitter has posted details on the hacking incident, which was unrelated to the phishing.

Monday Morning Madness

UPDATE XVII: New Phishing DM

This appears to be a new phishing DM. The site kind of looks legitimate, but the URL is being sent out by different accounts. So, it’s looking like those accounts may have been compromised by phishing, so I wouldn’t provide any personal data to the listed website.

Here is the text and URL:

“Heyy!! this website got me completely out of debt!! http://freedebt4u.com”

If you get that in a DM, I’d just delete it.

Top 12 Blog Posts of 2008

Saturday, January 3rd, 2009

Today, Michael Kwan posted his “Top 10 Blog Posts of 2008.” It seemed like a good idea to steal borrow, except I’m doing a Top 12 because #11 and #12 were so very, very close to #10. So here were mine:

  1. “The Long-Tail Search, or How Not to Be Such a Guy” (2008-03-01)
  2. “Save Money and Be Happy” (2008-09-29)
  3. “Hodge Podge, or What to Say to a Hot Mom in Her Used Lingerie with Obama’s Headshot Ironed On” (2008-07-27)
  4. “Creepy Underwear Guys Seeks Swimsuit Model” (2008-02-09)
  5. “How to Make $1,000,000 Blogging” (2008-01-28)
  6. “Money for (Almost) Nothing” (2008-07-29)
  7. “How to Succeed in American Business Today” (2008-10-03)
  8. “Success Saturday: Putting Together an eCommerce Site” (2008-07-05)
  9. “Some AdSense Secrets” (2008-04-16)
  10. “First Test Post After Upgrade” (2008-08-23)
  11. “Why Don’t You Want Me to Comment on Your Blog?” (2008-07-17)
  12. “No One is Looking for You. Sorry.” (2008-05-19)

I included dates so you can see the relative strength of certain posts that didn’t have the advantage of being up as long as earlier posts. Just look how “Save Money and Be Happy” rose to the #2 position despite being online for only about 3 months compared with 9 months for the #1 post.

The #1 post did end up with nearly double the views of the #2 post though. As did #4 over #5. The remainder were much closer.

Traffic Sources

This may be surprising to some people. Here are my top traffic sources for 2008:

  1. StumbleUpon
  2. Google
  3. Twitter

I’ve only been on Twitter since mid-August, and it already jumped to the #3 spot in my top sources of traffic to this blog! Twitter provided nearly 3 times as much traffic as the #4 source and about 6 times as much as the #5 source.

It’s important to note that I rarely tweet about a blog post. I don’t use Twitter as an RSS feed like some people do.

It’ll be interesting to see how this year shakes down in terms of traffic.

New Year’s Resolutions

Friday, January 2nd, 2009

I think I pretty much stopped doing New Year’s Resolutions years ago. (If you made some, and plan to keep them, here’s an article with some good advice on keeping New Year’s resolutions.)

I do have some goals for the year though. Here they are in no particular order.

For one, I want to blog at least once a day, preferably with something substantive at least most of the time. I almost did it last year, so I think the odds will be good for accomplishing it this year.

I also want to become debt-free this year. It should have happened last year, but things just didn’t work out. And, that setback in September didn’t help either.

Beyond that, I don’t want to just become debt-free, I want to save up enough additional money to not only continue paying the bills and make some upgrades to stuff, but also to fund some of my various projects that I want to get done, such as this one.

So, what are your goals or resolutions for this year?

Happy New Year!

Thursday, January 1st, 2009

Best wishes to all for a great 2009!