Oh no! I accidentally clicked on a link to a phishing site! Did it happen to you too?!?!
In all seriousness, it did NOT happen to me, and it did not accidentally happen to you either. In fact, you did it to yourself.
Recently, there has been a tremendous increase in the number of Twitter phishing scams. I can tell, because I have been the recipient of many direct messages telling me that people are saying terrible, horrible, awful, very bad things about me online. This type of thing is number one on my list of types of messages to ignore.
Don’t know what Phishing is? The short answer is YOU get tricked into clicking on a link and then, you essentially give up your user name and password and someone hijacks your account. Most often on Twitter they start to bombard your followers with more phishing links via direct messages in the attempt to hack more accounts.
I have seen countless examples on Twitter:
“You seen what this person is saying about you (some type of phishing link) terrible things.”
“OMG is this you in this video (some type of phishing link)?”
Typically there is some type of grammatical error, the link is always a shortened link, and most of the time (but not always) the messenger is someone you do not know.
Let me be clear: No one is talking about you in some blog post, they are not uploading scandalous photos of you, and you have not been caught in some video without your own knowledge.
Stop falling for these messages when they end up in your inbox.
When curiosity really really gets to you and you just can’t resist checking into it….here is a way to tell if the message is real:
Send the person a direct message back and ask them if they really sent you that link. 99.9% of the time they will not reply because they have no idea their account has been hacked.
The other 0.1% of the time, they will reply and validate that they really did send you the link and it is safe to click on.
Don’t be gullible, stay away from links that seem suspicious or are from people that wouldn’t normally be sending you a link via Twitter this way.
How do you verify if a link is real or not?
12 thoughts on “How to Avoid Twitter Phishing Scams”
A terrific reminder. Thanks, Lisa 🙂
Thanks Lisa for talking about this because I have seen this in my Twitter feed a time or to. Is there a way to block those who send them to you?
Hi Stefanie, you can either unfollow the people who sent you the dm (they can only send you a direct message if you follow them) or you can block and report for spam. In most of these cases, they are not intentionally spamming you, they don’t even realize what their account is doing.
You noticed the sudden increase, too?? It’s been hitting my blog, also.
If you have HooteSuite on your phone, the app unravels the shortened link so you can read where it’s from WITHOUT opening it!
Great blog by the way.
Thanks, Lisa. Isn’t it silly what folks will do to pass the time? So, once someone has been hijacked, would you recommend that they change their password?
Absolutely. Any time this happens change your password immediately. Thanks Gile for mentioning this. That is the right thing to do
Great stuff. I’d also add that one should ask their friends to add at least a few words to a link if they’re putting it on Twitter to help identify if they’re actually sharing it or if their account has been hacked. I just won’t click on anything I don’t trust.
Great suggestion, I actually do that, tell them, not spam, this is a real link from me and its about …
Hey Lisa,
The person you are getting it from is the one that has been hacked right? For example:
If I got a tweet from you saying “You seen…” it would mean that you had been hacked right, not me.
I don’t click on stuff that is obtuse and I’ve changed my password 2 or 3 times in the last couple months, but I’m still getting these from people I do know…but I never click on them.
Thanks!
Absolutely. The person who sends account has been compromised. If you click the link same thing happens to you. You are smart not to click on anything questionable.
Lisa,
Thanks for the great post.
Two questions:
1) say I get a tweet from @someknownfollower of the “have you seen this bad tweet about you [phishing link here]” variety. Will @someknownfollower see this as one of the tweet’s they have sent? Or, if my account has been hacked, would I see these things in the tweets section of my profile?
2) most phishing sites I have heard about require entry of the information (e.g. Pin number at the fake bank site) – is this the case for the sites here as well, we then need to enter the info, or do they get it somehow automatically?
Thanks!
Hi David
Great questions.
1) Usually you can see these in direct messages that you have sent. You will also know because people will reply and tell you. Most people get irritated and let others know!
2) Yes, this is usually what happens, when you click on a link often (not always) you will be asked to sign back into your account and it will seem like the real deal. This is how the get the details of your account. Once you change your password you are good!
Lisa