That’s Enough DM Spam Twitter, That’s Enough

by Greg Bussmann on November 30, 2009

in Opinion

Have you been getting lots of direct messages in Twitter, from people that you know (or are at least familiar with from following) that look something like this?

[Image: Example of Twitter Direct Message Spam]

Well, those are what is becoming known as direct message (DM) spam. They are spreading like wildfire across the Twitterverse (Twitter Universe?).

Here’s a brief explanation of what happens after you click on one of those messages, and the simple solution that will fix the damage to your Twitter account if you have clicked.

Let’s take the message above as an example. Whoever designed this scheme realized that all good cons need some element of trust. A message from someone I have never heard of would get ignored. But in this scam, since I know the person the message came from, it automatically appears at least a little more credible. The spammers are hoping that I may actually be curious to see if I am smarter than my friend, or that, since I recognize the picture, I may just instinctively click on the link without reading the message. Experienced users may scoff at that, but the strategy appears to be working.

Back to the example. I click on the link and it takes me to a site that asks me for my Twitter credentials.

Again, this plays on my trust: because I hand this information out to legitimate sources every day, I happily hand my password over to a non-legitimate source.

The spammers then use my Twitter credentials to hack my account and send DMs to my followers promoting their websites, like this:

[Image: Example of Twitter Direct Message Spam]

If this has happened to you (and it is OK if it has, we are not judging), the simple fix is to change your Twitter password, and then be more careful about giving it out in the first place.

Also, get in the habit of being a little more vigilant about what links you click and who you give your password to. Don’t click on messages like these examples that sound like spam. It is not a crime to ignore some messages you receive, especially if they don’t look quite right. At the very least, before clicking on any questionable message, respond to the person it came from and ask them if the link is legitimate.

BONUS TIP: Regularly check out who you have authorized to access your Twitter account by going into your settings page at Twitter.com and clicking on ‘connections’. If you don’t recognize an entry, revoke their access.
