Spam, Phishing, and Hacks – How to Shore Up Your Defenses

Twitter spam and phishing attacks are on the rise, which is unfortunate because it’s causing a lot of people to lose friends, often unknowingly. For instance, last night I received nearly 25 spammy DMs, all of which were from people that I don’t talk with on a regular basis. It left me in an awkward position because I didn’t have time to DM them all back to give them an update, but I knew that most of them were probably losing followers by the hour.

It all started with auto-DMs and Mafia Wars games. People would sign up, give the application access to their account, and it would then DM-spam every one of their followers until either they all unfollowed them or they removed the application.

From there, it moved to more sophisticated attacks, such as the recent “Hey, is this you?” type of message. There’s also the “hey, check out this I.Q. quiz thingy.” Although the links might seem harmless, they are bait: you click the link, hand over your login info, and your account is then used against your will in the same way as before.

In the future, you can expect things to get worse, unless you do something about it. That’s why I want to educate you here, because it’s spam like this that can open your account to virus attacks, malware, or worse.

1. Don’t click DM links unless they are from someone that you talk to often or that you trust not to fall prey to these attacks. If you see the same message over and over again from different people, it’s a phishing campaign. If you aren’t sure, send a DM back and ask about the message. Most of the time, they won’t even know they sent one.

2. Check your outbound DMs on a daily basis to make sure you aren’t spamming people. If you are, head to the next step.

3. If you do find your account compromised, then change your password immediately. In fact, it’s good practice to change your password often to avoid things like this. If your account does become compromised, it’s possible that you might lose access completely. If this happens, you’ll either have to appeal to Twitter to save your account…or you’ll have to start over from scratch.

4. Check your application preferences to see who you’ve allowed to access your account. Click on Settings -> Connections to get that menu. If you can’t tell which application is using your account to spam others, then remove each one and start over. Only give access to programs you trust, and only use applications that use OAuth to access the Twitter API. If an application doesn’t use OAuth, go elsewhere.
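As an added example that is not part of the original post, the “same message over and over again” check from step 1 and the outbound-DM check from step 2 as a small script run over constructed sample DMs (made-up accounts and placeholder links; the thresholds are assumptions):

```python
import re
from collections import defaultdict

# Matches http(s) links and bare www. hosts; shortened links are the usual bait.
URL_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.I)

def normalize(text):
    """Collapse one phishing template's variants (case, punctuation, link)
    into a single key, e.g. 'Hey, is this you?? http://...' -> 'hey is this you <url>'."""
    t = URL_RE.sub(" <url> ", text.lower())
    t = re.sub(r"[^a-z0-9<> ]+", "", t)
    return re.sub(r"\s+", " ", t).strip()

def flag_inbound_waves(dms, min_senders=3):
    """Step 1: link-bearing templates that arrived from >= min_senders distinct
    accounts, i.e. the 'same message over and over again' pattern.
    dms is a list of (sender, text) tuples."""
    senders = defaultdict(set)
    for sender, text in dms:
        if URL_RE.search(text):
            senders[normalize(text)].add(sender)
    return {k: sorted(v) for k, v in senders.items() if len(v) >= min_senders}

def flag_outbound_repeats(dms, min_repeats=5):
    """Step 2: link-bearing templates you sent >= min_repeats times, a sign
    that an app or an attacker is DM-spamming your followers.
    dms is a list of (recipient, text) tuples."""
    counts = defaultdict(int)
    for _recipient, text in dms:
        if URL_RE.search(text):
            counts[normalize(text)] += 1
    return {k: n for k, n in counts.items() if n >= min_repeats}

# Constructed sample data: made-up accounts and placeholder links.
INBOUND = [
    ("alice", "hey, is this you? http://bit.ly/EXAMPLE1"),
    ("bob", "Hey, is this you?? http://bit.ly/EXAMPLE2"),
    ("carol", "hey is this you http://bit.ly/EXAMPLE3"),
    ("dave", "lunch tomorrow? menu is at http://example.org/menu"),
]
OUTBOUND = [("follower%d" % i, "check out this IQ quiz thingy http://bit.ly/EXAMPLE")
            for i in range(6)] + [("ann", "thanks for the heads-up, password changed")]

if __name__ == "__main__":
    print("inbound waves:", flag_inbound_waves(INBOUND))
    print("outbound repeats:", flag_outbound_repeats(OUTBOUND))
```

Dave’s one-off link is not flagged because the heuristic keys on repetition across senders, not on the presence of a link alone.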

The problem with Twitter spam is that it often kills someone’s credibility, and unless someone is kind enough to tell you that you are spamming them, you’ll see your follower count dwindle without a clue as to why.

The best way to protect yourself is just to be smart and use common sense. If you see someone caught in a spam attack, let them know before you drop them. If that doesn’t work, then kindly move on. Remember, if the link looks suspicious, then it probably is.

  • November 18, 2009

    Would be nice if Twitter installed some backend spam controls to halt spam that looks like it’s coming from me.

    Still wouldn’t stop spammers @ replying their crap, making it look like I asked for it.. very annoying

  • November 18, 2009

    It is annoying, especially with the surge of phishing attacks. You would think that people would know better than to give up their passwords, but many still fall prey.

  • November 18, 2009

    I had to help one of our local not-for-profit organizations who got hit with the phishing scam last week. Also, while doing some research, I came across May be a tool to use before clicking on a shortened URL.

  • November 18, 2009

    I apologize, that link is

  • November 18, 2009

    I agree with John Paul.. and I’ve got some crap through @ reply too, it makes me very angry to be connected with their disgusting ****. I wish to know ppl who are behind this. They just came to injure another social network.

  • November 18, 2009

    Thanks for the great info! I hate getting spammed and I hate the backdoor trojans. Sometimes we all need to be reminded of the basics.

  • November 18, 2009

    Spam is one of the hardest things to deal with. However, if I see that people are spamming I just don’t meet them from my following.

  • November 18, 2009

    My account was hacked (my fault of course) and I spammed dozens of people. Thankfully someone alerted me to it, but it was too late. I changed my password and it ended.

  • November 18, 2009

    I realised I’d been sending out these auto spams about 3 days late. I’ve since removed any access to applications like Mafia Wars AND I’ve changed my password 3 times... I’m still sending out auto-DMs. I don’t know what else to do..

  • November 18, 2009

    I had a phish last week that looked like it came from a Twitter API application I use. It gave me a deceptive Twitter-looking login page. Within seconds of logging in I knew there was something wrong and hopped to the real Twitter to change my password. Follow your gut, even if it is late. Just like the IRS will never send an e-mail and banks will not ask for info outside of their secure site. Common sense.

  • November 19, 2009

    This is a great article. I would also add that from what I’ve seen, most of these phishing DMs are coming from innocent people who don’t realize their accounts have been hacked or don’t know how to fix it. If you do see one of these DMs, let the person know about it and that they need to change their password. This blog post from Chel Pixie about recovering from Twitter phishing is also helpful to give people who have been hit:

  • November 19, 2009

    THANK YOU for reiterating about not clicking links in your DMs! Even after I see a bunch of my tweeps tweeting that out, curiosity still gets the best of some.

    It’s the same thing when you go about protecting your computer. Sure, the virus and anti-spyware software will protect you if you end up at the wrong place but you don’t want to end up in that place to begin with.
