With the rash of DMs and messages from people, it’s obvious that some ratfink A-holes are hacking into other people’s Twitter accounts and using them to DM their followers about weight loss or making money on Google.
If you’re lucky, you’ve only been receiving these DMs. If you’re not, you got hacked.
Michelle Wolverton at ChellePixie wrote a great post about how to recover from these Twitter phishing attacks.
Steps 1 & 2 are the best advice: stop clicking the links that get you hacked in the first place. No, seriously. Stop. (Erik’s step 3: Are you f—ing kidding me? I said stop it!!)
The problem is, these hacks are not just coming in from phishing links. We’re also being attacked by Twitter apps that ask for OAuth access into our Twitter accounts. Or it’s the older apps that ask for your name and password. It’s something we trusted, and our trust was betrayed.
It’s hard to resist sometimes. You hear about this great new app that will measure your Twitter followers, tell you how popular you are, and will even show you within three decimal places how much Chris Brogan likes you.
But don’t feel bad. Even John Wall of MarketingOverCoffee podcast fame — my favorite marketing podcast — got hacked too. Turns out it was one of several apps he was trying out.
The rest of Michelle’s advice, in a nutshell: clear your disk cache and quit your browser. Re-open it, and change your password, then revoke your OAuth permissions. You know what? Just go read her article, because she covers it much better than I will, and I don’t want her sending me angry emails about stealing her stuff.
The moral of all this? Some people are liars. Or damn liars. Or statisticians. If you were struck by the spam virus/phishing attack/e-demon possession, I’m not blaming you — very much — because you were probably tricked into becoming a victim. But you were tricked because you clicked on a link that came from someone you trusted. Yet, they were tricked by someone they trusted, and so on. You were lied to because they were lied to.
So here are three ways you can avoid this kind of thing in the future:
- Don’t authorize any external, third party apps to access your Twitter account, whether you’re using OAuth or the old username/password method, UNLESS you know for sure that they’re safe. If you’re not sure, ask other people whether they’re using it. Don’t even blindly trust people like Chris Brogan or Jason Falls. After all, John Wall got tricked, and he’s pretty smart. If you’re not sure, play it safe, and just don’t use it to begin with.
- If you get a DM from someone that doesn’t sound like something they would send, especially your friends, email them and ask if they sent it. If you don’t have their email address, @reply them and ask. Don’t make them feel bad, just say something like “Just checking: Did you mean to send me a DM about how much money you made on Google?”
- Install the Power Twitter plug-in and the Bit.ly Preview plug-in on Firefox (step 4 – Use Firefox, not Internet Explorer). These plug-ins let you see where most shortened URLs actually point before you click, so you can check whether a link is really going where it claims. Bit.ly Preview works on any bit.ly link on any website, and Power Twitter does it for nearly any link on Twitter. The latter has saved me from a few links.
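What those preview plug-ins do under the hood is resolve the redirect chain behind a shortened link without ever loading the landing page. The script below is an added example (not code from the original post or from either plug-in) that does the same thing from the command line: it issues HEAD requests, refuses to follow redirects automatically, records every hop, and reports whether the link ends at a real site or just bounces to another shortener. The `SHORTENER_HOSTS` list, the `FAKE_HOPS` table and the function names are my own assumptions; the table is constructed sample data so the script runs offline, and `http_head` is the real network version you would pass in instead.

```python
"""Resolve a shortened URL hop by hop without visiting the final page.

Added example, not from the original post. Mimics what a link-preview
plug-in does: HEAD request, no automatic redirects, collect Location
headers one hop at a time so the real destination is visible before
anyone clicks. FAKE_HOPS below is constructed sample data (not real links).
"""
import http.client
from urllib.parse import urlsplit, urljoin

# Hosts commonly used as URL shorteners (illustrative list, an assumption).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "is.gd", "ow.ly", "t.co"}

MAX_HOPS = 10  # stop tracing runaway chains


def http_head(url, timeout=5):
    """Real HEAD request that does NOT follow redirects.

    Returns (status, Location header or None). Only used when you pass it
    to trace_redirects(); the demo below uses the offline fake instead.
    """
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def trace_redirects(url, head=http_head, max_hops=MAX_HOPS):
    """Follow redirects one explicit hop at a time and return a report.

    report["chain"]   : every URL seen, starting with the input
    report["final"]   : last URL reached (where a click would land)
    report["stopped"] : 'done', 'loop' (redirect cycle) or 'too_many_hops'
    """
    chain = [url]
    seen = {url}
    current = url
    for _ in range(max_hops):
        status, location = head(current)
        if status not in (301, 302, 303, 307, 308) or not location:
            return {"chain": chain, "final": current, "stopped": "done"}
        nxt = urljoin(current, location)  # Location may be relative
        if nxt in seen:
            chain.append(nxt)
            return {"chain": chain, "final": nxt, "stopped": "loop"}
        seen.add(nxt)
        chain.append(nxt)
        current = nxt
    return {"chain": chain, "final": current, "stopped": "too_many_hops"}


def summarize(report):
    """Hosts crossed, final host, and whether the link never really resolved."""
    hosts = [urlsplit(u).netloc.lower() for u in report["chain"]]
    final_host = hosts[-1]
    return {
        "hosts": hosts,
        "final_host": final_host,
        # Still "shortened" if we ended on a shortener, looped, or ran out of hops.
        "still_shortened": final_host in SHORTENER_HOSTS or report["stopped"] != "done",
    }


# Constructed redirect table standing in for the network (not real links).
FAKE_HOPS = {
    "http://bit.ly/abc123": (301, "http://tinyurl.com/xyz"),
    "http://tinyurl.com/xyz": (302, "https://example.org/landing?ref=dm"),
    "https://example.org/landing?ref=dm": (200, None),
    "http://bit.ly/loop1": (301, "http://bit.ly/loop2"),
    "http://bit.ly/loop2": (301, "http://bit.ly/loop1"),
}


def fake_head(url):
    """Offline stand-in for http_head() driven by FAKE_HOPS."""
    return FAKE_HOPS.get(url, (404, None))


if __name__ == "__main__":
    for start in ("http://bit.ly/abc123", "http://bit.ly/loop1"):
        rep = trace_redirects(start, head=fake_head)
        print(start, "->", rep["final"], "(%s)" % rep["stopped"], summarize(rep))
```

The important design choice is that redirects are never followed implicitly: a library that auto-follows would fetch the landing page, which is exactly the click you were trying to avoid. Treat a chain that loops, runs past the hop limit, or ends on yet another shortener as "unresolved" and leave the link alone.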
Finally, change your password, even if you haven’t been hacked. It’s a good practice to have anyway, but changing it once in a while is just smart.