August 21, 2011

Protect Yourself from Phishing (and from Irritating Your Friends with Twitter Direct Message Spam)

In the last few days, I have received hundreds of spam Twitter direct messages from my Twitter friends. Many of them were quite, shall we say, graphic. Others are just the normal foolishness.

Here is the direct message I have sent out many, many times the last few days:

You have been phished. Pls change (and better protect) your password so you won't send out these direct messages. Thx.

Let me say a few things so you might avoid this and give some instruction on how to fix it at the end.

First, if Twitter suddenly asks for your password, check the address bar. If it does not say Twitter.com, it is a trick. That is why they call it Phishing. The request is the bait, the phony website is the hook, and you are the sucker fish. Simply put, you have been fooled.
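As an added illustration of what "check the address bar" means in practice (example code, not part of the original post): the Python below parses a link and accepts it only when the host itself is one of a listed set of Twitter hosts, and contrasts that with the tempting "does the text contain twitter.com" check that decoy links defeat. The trusted-host list and the sample links are constructed for this example.

```python
from urllib.parse import urlsplit

# Hosts this example treats as genuinely belonging to Twitter (an assumption
# for illustration; a real checker would use the site's published domains).
TRUSTED_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com"}


def naive_contains_check(url: str) -> bool:
    """The mistake: 'it says twitter.com somewhere' is not the same as
    'the host IS twitter.com'. Kept here only to show what goes wrong."""
    return "twitter.com" in url.lower()


def is_trusted_twitter_url(url: str) -> bool:
    """Return True only when the URL's actual host is a trusted Twitter host.

    Parsing the URL isolates the host component, so decoys where
    'twitter.com' appears as a leading subdomain label, in the userinfo
    before an '@', or in the path do not pass.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").rstrip(".")   # .hostname is already lowercased
    return host in TRUSTED_HOSTS


# Constructed sample links of the kind that show up in a spam direct message.
# Decoy hosts use the reserved .example/.test names, not any real site.
SAMPLE_LINKS = [
    "https://twitter.com/login",                        # genuine
    "https://mobile.twitter.com/login",                 # genuine
    "http://twitter.com.login-check.example/",          # twitter.com is only a subdomain label
    "https://twitter.com@account-verify.test/login",    # twitter.com is userinfo; host follows '@'
    "https://account-verify.test/twitter.com/login",    # twitter.com is in the path
    "https://twiter.com/login",                         # misspelled host
]


def compare_checks(links=SAMPLE_LINKS):
    """Return {url: (naive_result, strict_result)} for each sample link."""
    return {u: (naive_contains_check(u), is_trusted_twitter_url(u)) for u in links}


if __name__ == "__main__":
    for url, (naive, strict) in compare_checks().items():
        print(f"{'OK ' if strict else 'BAD'}  naive={naive!s:5}  {url}")
```

Only the two genuine links pass the strict check, while the naive substring check waves through the subdomain and userinfo decoys.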

A more technical explanation of Phishing can be found at Wikipedia. It explains:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

So, no, you were not hacked. You are not such a big deal that a team of people in another country is using a complex algorithm to break your password. Nope, you were fooled. So, announcing that you were "hacked" is not accurate; just say, "Sorry folks, I fell for a Phishing scam."

USAToday explains:

"If you click on the link you are taken to a fake Twitter login page, where hackers are just waiting for you to hand over your credentials. In fact, they can automatically post the phishing message from your account as soon as you hand over your details."

There are good ways to apologize when you do this. MSNBC even wrote a story to help you do so.

But it's simple enough. Just say you made a mistake. One person wrote back to me:

Sorry about that... thanks for the heads up!

Pretty simple.

Of course, some get mad at you for telling them they were Phished. I received several emails saying, "I did not send out anything!"

Well, your account did. If you left your car running, in gear, and then walked into your house, and then your car crashed into your neighbor's house, it is better to apologize than to say, "I didn't drive my car into your house." Just sayin'.

So, that is my rant for today... let's be careful out there, people! I can't take another day of 200 Direct Messages without getting really grumpy.

If you need more information, here is a video of how these things happen:

A live Twitter phishing attack from Sophos Labs on Vimeo.

The fix is simple: change your password. If you can change it (and, yes, check the address bar to be sure you are at the right site), then the account is yours again. I would send out a tweet to be sure (see above for how to apologize). If you changed the password and tweeted your apology, you are fine... go and sin no more. ;-)

The Exchange is a part of CT's Blog Forum.
The views of the blogger do not necessarily reflect those of Christianity Today.
