Dealing with Spam/Scam Twitter Direct Messages (DMs)

by Greg on October 29, 2009

If you’re on Twitter, you may have recently received or will soon receive some unsavory Direct Messages (DMs), though they look innocuous enough. However, if you click on the links in them, you’ll be taken to phishing sites and your own account will be compromised. Plus, it could be that your account is already sending the spam/scam DMs.

Here’s what you should know and do….

Just like with email or Facebook or anywhere, if you get a message that doesn’t seem legit, you shouldn’t click any link (or download any file) in it. Admittedly, this batch of Twitter DMs looks harmless enough – they come from people you know and say things like “I love this! It works great!” or “is that you in this video?” and then have a link.

If you really thought about it, the messages probably wouldn’t be ones your friends or acquaintances would really send you. Would they really recommend fat-burning products, for example? And why would they send this question on Twitter, and as a DM instead of an @reply? However, we often tend to trust and click first, think later!

Instead of being from your friends, it turns out these messages come from accounts that have been hijacked, perhaps because their owner clicked on a link just like the one in the DM. It doesn’t actually matter how it happened, of course – the link is plain old bad news.

If you click on one of those links, you should immediately close the website you got sent to, go back to Twitter, and change your account password. If you clicked hours or days ago… still change your password!

To do this, click on “Settings” at the top of your Twitter screen. Then you’ll see the settings menu.

Click on Password, enter a new password and click Change.

You also might take a moment to let the person who sent you the spam DM know that their account has been hijacked – some folks might not be aware, and they can take action, too.

If your account has been hijacked, you should also immediately change your password. To see if you’ve been hijacked, you can check your sent Direct Messages for “intruders” – messages you know you didn’t send.

If you see that you’ve sent out spam DMs, you should tweet a warning to your followers at large. Also, you might send DMs to the folks who your account spammed to warn them.

To keep yourself safe in the future, you should think twice before revealing your Twitter account and password to any third-party software that needs it to access your account. Some software is well known and trusted (for example, I authorized TweetDeck to access my account). When in doubt, though, Google the software and see what folks are saying.

You also don’t need to unfollow anyone – it wasn’t really your friend sending spam, and if they take action, the spam will stop.

It’s good practice to change your password with some regularity, on Twitter and all your applications. And when in doubt… don’t click on that link!

{ 3 comments }

david e October 30, 2009 at 8:41 pm

as an added precaution, anytime one account gets compromised it’s probably a good time to change all other accounts, especially if those compromised have email addresses on file.

i was compromised via twitter this morning (my sloppy mistake) and lost a couple hours going through all my accounts and resetting passwords. given that daylight savings time is upon us (a time i go through the house changing clock batteries) it seemed like a good time for some housecleaning.

Julia Winston August 29, 2011 at 5:35 pm

Hi there,
you mean changing all the passwords of every single account on your computer? Please let me know.
thnx

Dave Charbonneau - MyCrowEnterprise November 11, 2009 at 10:42 pm

Thanks, Greg. My wife and I were wondering what was going on. There are so many third-party sites out there I wonder if we’ve grown immune to when and where we type our passwords; or, like me, we’ve got our password set with TweetDeck, Seesmic, Ping, etc., so we get lazy and don’t want to change it very often. Housecleaning. Good idea.

–Dave Charbonneau
