Twitter Phishing – don't get reeled in

It’s an increasingly common Twitter dilemma – you receive a message from one of your friends or followers with grave news which goes something along the lines of “I’ve just seen this really bad blog post about you…”, “hey, i’ve been having better sex and longer with this here” or even “LOL is that you??”. Now when it comes to being photogenic, I’m more Cherie Blair than Nicole Scherzinger – upon reading anything like this, and before logic and reason have time to kick in, my mind flies into some sort of narcissism-fuelled frenzy: What if some terrible picture of me really is being plastered all over the internet?

Unfortunately for anyone unlucky enough to click on the accompanying link, it’s game over: whilst you can breathe a sigh of relief that the world hasn’t actually been exposed to any of your unsightly snapshots, you can be sure that your followers will soon be plagued by the same sort of messages arriving in their inboxes. The phenomenon is called phishing (or, more accurately, Twishing), and its perpetrators aren’t angling for anything of the aquatic sort – it’s your password and bank details they want.

It happens to the best of us. The Press Complaints Commission, various journalists and even Labour Leader Ed Miliband have all fallen prey to Twitter phishing scams. However, the reality is that incidents like this can significantly damage your online presence – particularly if you are a company or business trying to uphold a positive public image. So, how can you avoid Twishing scams and what should you do if you find yourself the victim of one?


Don’t end up as catch of the day

It may be stating the obvious, but if something phishy turns up in your inbox, just don’t click on it.  Whilst Twitter only allows you to receive DMs from the people you follow, this won’t protect you if people you trust have been ‘twished’.  Check @safety to see if Twitter has reported similar spamming attacks.

Similarly, if the website URL on your login screen is anything other than, don’t log in!  Selecting to use HTTPS in your settings will also improve your account’s security. Likewise, it is possible to download handy add-ons for various browsers that allow you to expand any bit.lys or TinyURLs without opening them to check they’re not leading you to a harmful site.  Lastly, be wary about the applications that you hand over your precious Twitter deets to – these can be controlled and their access revoked through the ‘applications’ tab in your settings.
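
The two checks described above (confirm the host of the login page, and treat bit.ly or TinyURL links as unknown until expanded), as an added example that is not part of the original post. The expected host twitter.com, the HTTPS requirement, the function name classify_link and the sample links are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not taken from the original post):
EXPECTED_LOGIN_HOST = "twitter.com"          # host the real login page is assumed to use
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com"}  # the two shortening services the post names


def classify_link(url: str) -> str:
    """Return 'genuine-login-host', 'shortened' or 'suspicious' for a link."""
    try:
        parts = urlsplit(url.strip())
        # Compare on the parsed host only: lower-cased, without a trailing dot.
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "suspicious"  # malformed URL

    # Text before '@' is a username, not the site: the real host comes after it.
    if parts.username is not None or parts.password is not None:
        return "suspicious"

    if host in SHORTENER_HOSTS:
        return "shortened"  # destination unknown: expand it before trusting it

    # Exact host match over HTTPS only; "contains twitter.com" is not enough.
    allowed = {EXPECTED_LOGIN_HOST, "www." + EXPECTED_LOGIN_HOST}
    if parts.scheme == "https" and host in allowed:
        return "genuine-login-host"
    return "suspicious"


# Constructed sample links, as they might appear in a direct message.
SAMPLES = [
    "https://twitter.com/login",
    "https://twitter.com.login-verify.example/",  # real name used as a subdomain
    "https://twitter.com@login-verify.example/",  # real name used as a username
    "https://tvvitter.com/login",                 # look-alike spelling
    "http://bit.ly/abc123",                       # shortened, target hidden
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):20} {link}")
```
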


What to do if you get caught hook, line and sinker

If those crafty Twishers haven’t shut you out of your own account by changing your password, sign in and change it to something else secure.  It may also be worth apologetically Tweeting your followers to let them know that you’ve been Twished, warning them not to open any direct messages from you.

If you find yourself locked out of your account, either use the reset password link to regain access or, if you don’t receive an email confirmation of changing your password, simply contact the folks at Twitter direct.  If the problem persists, go through your applications with a fine toothcomb and revoke the rights of any suspect programs.


By Hannah Stacey (@hanstacey)


3 Responses to “Twitter Phishing – don't get reeled in”

  1. Katie Jamo
    January 10, 2012 at 10:51 #

    Great blog post Hannah. ‘Twisher’ is a cool name, I call them Tw@s ;-) x


  1. How to avoid social spam | The B2B Guide to Social Media - January 5, 2012

    [...] colleague Hannah’s (@hanstacey) post on how to avoid twitter phishing scams has been one of the most popular on the B2B Guide of late, and with today’s article on social [...]

  2. You’ve been spammed in the Facebook: How to avoid being a victim of Facebook spam | The B2B Guide to Social Media - January 10, 2012

    [...] the B2B Guide’s  series on slapping social spam in the face (which started with @HanStacey’s guide to dodging Twitter phishing scams), I now discuss Facebook, which reports that 4% of content posted on the network can be attributed [...]
