Twitters Gone Phishing!

One could argue that the infamous “Fail Whale” of Twitter has become an annoying little “Twitter Phish”.  I’ve received  hundreds of phishing attempts from friends and followers on Twitter because their accounts have been compromised.  The really scary part is that this could easily have been prevented… with just a little bit of common sense.

One of the first things that we need to address, is “How does someones account get hacked?”  This is common thinking, especially if they haven’t given out their password to anyone.  But the truth is that most people HAVE given up their username and password, and don’t even realize it.

I wrote up an article a few months back about twitter security, and it was a huge warning to folks on what would happen if they didn’t mind there P’s & Q’s.  Apparently  my message didn’t reach out  far enough  (Note the share buttons above and below this post)

Today alone I’ve had over 200 DM’s that were directing me to various sites about IQ tests, claims of me in videos , and other sites that I have no interest in.  But it seems that others (ahem) do enjoy such tests and videos, and are willing to supply their Twitter username/password to get the final results.

I’ve not taken any of these tests, but they usually are the same type. In the end, you are giving up your username and password to an untrusted source.  Do you know who’s on the other end? Is it an angel, or the devil?  We’ve all gotten fairly accustomed to popup warnings about security with 3rd party apps with Facebook, but we always tend to ignore what it’s talking about, and clicking through.  At least Facebook has a warning, and it’s there for a reason.  You’re giving private information to a programmer that you don’t know.  He could be collecting your data (name/email/password for example) and selling it to some spammer… or worse!

In the case of today’s DM spam, everytime they get a username and password, they DM everyone on your friend list a link to go take an IQ test (which is an affiliate link that makes the spammer money)

I’m not saying that you shouldn’t ever use a legitamate 3rd party app, but I am saying that you need to find and use applications smartly.  Third party apps that have a reputation in the community.  But don’t take stupid IQ tests (was that an oxymoron?) and jeapordize your twitter account.  What it they spammed your boss with hatemail?  or used your twitter password on your bank account?  In theory, you should have a unique password for every account you have, but I have a feeling that if you took the IQ test and gave up your password, you’re probably using the same password for everything.  So now your boss has fired you, and a hacker just wiped out your bank account.  Maybe it’s time to Google soup kitchen.

OK, you get the idea.  Don’t give up username & password to untrusted sources.

How do you get out of hot water with this Twitter DM spamming stuff?

Protect Yourself In Two Simple Steps:

1. Change Your Twitter Password!

2. In Twitter, go to settings->connections.  Revoke access to all 3rd party apps.

You’ll need to regrant access to the ones that you know and trust, but for now, just dump em all, and sort out the mess later.

I hope that clarifies a bit about how you got hacked, how your hacked account effects others, and how to clean up your hacked account.

Leave comments below if you find any more updates to these DM’s.

Leave a Reply