On Twitter this week, there’s been a rash of spam Direct Messages (DMs). Some read “ha ha! Is this you??” with a link. Others are… uh… suggestive and also have a link or email address you can click on.
First of all – DON’T CLICK THE LINK in the DM.
Whenever you get a DM or email or see a Facebook status update that is so non-specific or completely unlike what a friend would normally say, don’t click.
It’s Nice to Be Nice
If you receive one of these DMs, and you have time, it would be nice if you would tell the person who sent it to you that their account has been corrupted: they DO NOT KNOW they’re sending those messages.
Mind you, you have no obligation to let them know. It’s just nice, like telling someone they have toilet paper on their shoe or spinach in their teeth. If you’re busy or getting hundreds of messages (as I’m sure power users do) or not online, you can’t reply. That’s fine, too.
But if you were sending these tweets, wouldn’t you want to know?
Along these same lines, immediately blocking a friend isn’t necessary – they don’t mean to send you spam. If the same person keeps doing this, though… well, that’s a different story.
How Does This Happen?
This is my non-technical explanation… largely because I don’t fully grok the deeper technicalities, nor do I need to. Nor do you!
There are two ways “into” a Twitter account – the password and what’s called OAuth. In general, OAuth is not a bad thing – it’s merely a protocol which allows authorized access.
In the case of Twitter, we grant that access all the time when we sign up for third-party twitter apps like Tweetchat or Twibes or Tweetmeme. These are all trusted sites, and I’ve given them (and others) access myself.
The problems come when a third party app is or turns rogue, whether it’s using OAuth or your password. It doesn’t matter which – the result is the same.
When you give access to a “bad apple,” bad things happen… usually in the form of spammy DMs or tweets. Usually, the violations come from clicking unknown links and not even knowing you’ve given access. Sometimes, we just give our keys to the wrong folks, though.
And did I mention that we often don’t even know it’s happened? Ya. That’s why, when possible, letting folks know can help.
What Can You Do If It Happens To You?
If you learn your account is sending spam, it means that something has been compromised. Often, if you change your password, that puts an end to it.
To do that, click SETTINGS at the top right of the Twitter home page. Then click PASSWORD from the new menu atop this screen. Enter your old password and a brand new one and click CHANGE.
Sometimes, though, changing your password isn’t enough. To make sure you totally eradicate the problem, you can follow the steps in Michelle Wolverton’s post Recovering from Twitter Phishing.
It’s actually a good idea to follow those instructions anyway to see if you’ve give access to third parties you don’t recall. If you’ve been infected, why not clean up as well as possible?
Also, this would be a good time to change passwords at Facebook and other networks (particularly if it’s the same password!).
It’s nice if you tweet a public alert NOT to click on links in DMs from you. This also means that folks will see you know the news so they don’t have to alert you. You can even delete sent DMs, but if your account has sent hundreds, it might not be worth it (and most people will have gotten emails saying you DM’d anyway).
Don’t Panic
It can be pretty embarrassing to find out you’ve been sending out spam (particularly of the salacious variety). If it helps… you are not alone!
Twitter itself should be able to find a cure for this. These types of incidents render DMs pretty useless, so they have a natural reason to want to fix it. I hope they do.
In the meantime, help your friends, clean up your account… and DON’T CLICK THOSE LINKS.
{ 4 comments… read them below or add one }
There has been a rash of them this week for sure. Luckily, I was quick enough to know that most librarians wouldn’t be promoting Viagra! One step I took was to contact Twitter, not to report the contact themselves for spam, but to report that it was happening.
Someone also went to an education Ning I belong to tonight, to put up posts and discussions all over about how good their law firm is. If only they could grasp that theirs is the very last law firm any of us would ever use!
Book Chook´s last blog ..Letter to the Book Chook – Free Reading Material
Thanks for the information.
I just got one of these…ummmm…interesting tweets from someone (a famous blogger in the writing wrold). I sent her an email last night.
Sharon Mayhew´s last blog ..LITERARY AGENT MARK MCVEIGH…and ME
Yes, when a famous editor DM’ed me yesterday I was all excited… until I saw she was actually a sexually frustrated 24 year old who wanted me to help her… Sigh.
Good info about it happening, and it’s super useful to now know how to stop it if *I* suddenly become a sexually frustrated 24 year old woman…
Thanks for all you do!
Namaste,
Lee
Lee Wind´s last blog ..Chimamanda Adichie on The Danger of a Single Story
That same 24 year old woman DM’d me, too, Lee! What are the odds
And the idea of alerting Twitter (or wherever) about abuse is good when people have time. These types of issues aren’t what any network wants for their users. In this case, Twitter has been finding infected accounts, locking them down, and resetting the password (and sending out an email notification). Hopefully, they’ll find solutions to slow/stop these events earlier on….
Greg Pincus´s last blog ..Your Friends Don’t Mean to Send You Spam