Got Phished or “Hacked” on Twitter?
By Leah Mackey Schultz, Director of Social Media Operations, ACS Advertising
With the rise of Twitter phishing scams we must all know how to protect ourselves and avoid falling victim to this scam. Usually, these suspicious messages arrive in your Twitter Direct Message (DM) inbox saying something that *looks* safe like this: “when did you make this video? its hilarious, cant stop laughing lol [LINK]” or “have you seen these pictures I found of you? LOL [LINK].”
What is “phishing”?
Phishing - is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. This is similar to Fishing, where the fisherman puts a bait at the hook, thus, pretending to be a genuine food for fish. But the hook inside it takes the complete fish out of the lake. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by a link that appears to be legit but often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. (source: http://en.wikipedia.org/wiki/Phishing)
Here is a screen shot of a sample DM that I recently received.
If you do click through, you are essentially (and willingly) giving your private login credentials to the scammers. Next, your Twitter account will automatically DM your followers with the same non legit DM. This is how this phishing scam has gotten so widespread… You receive a DM from a trusted friend/follower with a link that appears to be benign, you click it, and then it sends the same legit looking DM to your friends, and so on.
If you do fall victim…
- IMMEDIATELY change your password
- Delete all DMs that you received in your DM inbox AND all DMs that your account may have sent to your followers
- Check what 3rd party apps have access to your account by going here à http://twitter.com/account/connections. It will show who you’ve authorized to access your account. Don’t freak out if there are businesses/applications listed there. But, if you don’t recognize one of them, just click “revoke access”.
How do you prevent getting phished?
- Choose a strong password for all accounts. Using numbers, special characters and a mix of upper/lower case is suggested.
- Change your passwords frequently. 90 days is typically a safe time frame. Also, keep unique passwords for accounts, don’t use the same password for every account you own.
- Never share your private info with others.
- Do not keep passwords stored in an easily accessible location (like your desk drawer).
- Never click links or download files/attachments from unsecure or unknown sources.
- Be mindful of applications that link to your social accounts and regularly review/revoke access as necessary.
Twitter offers more information on their Safety & Security portal here: https://support.twitter.com/groups/57-safety-security