Friday 15 July 2011

Avoiding the DM spam

With the current rash of compromised accounts, it seems timely to remind people what sort of things to look for to avoid being phished (not hacked - see previous post!).

Account harvesters rely on social engineering to get you to give them your ID and password. Making it seem that a contact is sending you the message gives you a false sense of security: you're far more likely to sign in to a site your 'friend' has recommended.

When you get a random tweet in your public timeline with just a link in it, from someone you don't know, it's easy to spot. When you receive a tweet or Direct Message from someone you know, it's less easy to spot. Here are a few things to think about:
  • Is it 'out of character'?
  • Would they normally use the public timeline and not Direct Message?
  • Is the spelling OK?
  • Have you seen any 'chatter' on Twitter about DM spam?
Sites such as Mashable often lead with stories of the latest phishing outbreaks (such as "is this you"). Take a look before you click.

If you've clicked on a link and are asked to 'sign in to twitter to see this page' (or similar), think carefully before you do. Check the web address: is it really an official Twitter site? Chances are it's a disguised web address meant to fool you into parting with your login details.
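The 'check the web address' step can be automated along these lines. This is an added example, not part of the original post; the allowlist of official hosts and the edit-distance threshold of 2 are assumptions of this sketch.

```javascript
// Added example: classify where a "sign in to Twitter" link really points.
// Assumption: only twitter.com (named in the post) and its subdomains are official.
const OFFICIAL = "twitter.com";
const BRAND = "twitter";

// Levenshtein edit distance, to catch near-miss spellings of the brand name.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

function classifySignInLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { verdict: "unparseable", reason: "not a valid absolute URL" };
  }
  const host = url.hostname.toLowerCase();
  // Text before "@" is a username, not the site being visited.
  if (url.username || url.password) {
    return { host, verdict: "suspicious", reason: "text before @ hides the real host" };
  }
  if (host === OFFICIAL || host.endsWith("." + OFFICIAL)) {
    return url.protocol === "https:"
      ? { host, verdict: "official", reason: "host is twitter.com or a subdomain" }
      : { host, verdict: "suspicious", reason: "sign-in page not served over https" };
  }
  // Not the official host: look for signs it is dressed up to resemble it.
  for (const label of host.split(".")) {
    if (label.startsWith("xn--")) {
      return { host, verdict: "lookalike", reason: "internationalised label may imitate Latin letters" };
    }
    if (label.includes(BRAND) || editDistance(label, BRAND) <= 2) {
      return { host, verdict: "lookalike", reason: `label "${label}" imitates the brand` };
    }
  }
  return { host, verdict: "other", reason: "unrelated site; no reason to enter Twitter credentials" };
}
```

Calling `classifySignInLink("http://twitter.com.verify-account.example/login")` (a constructed address) returns the verdict `lookalike`: the site you actually reach is named at the right-hand end of the host, not the left.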

Sometimes, smartphones do take you to the twitter.com site rather than open the page in the app you're using - this is a rare occurrence and, in general, you're safer not logging in.

If you're in any doubt, tweet the person back and confirm whether or not it's really from them.


So, the worst happens and your account starts spewing spam. Now what?

Change your password.

It's also a really good idea to go into the settings page on your Twitter account and revoke access as well.