Compromised Twitter accounts sending out spam DMs

Twitter spam DM

I’m not going to call out those I know who’ve had their accounts compromised like this, but I do want to talk about it. See, as a frequent user of Twitter, I have noticed an increase in the frequency that I receive dodgy, spammy DMs from people that follow me and I follow back.

Part of this is due to following a lot of people, but I think it’s a sign that people are either a) not scrutinizing the apps that ask for account access, thus allowing malware apps access or b) their email and password combination has been phished from elsewhere.

The possibility of a) is shown in some news that came out before Christmas, explaining how a Dutch teen hijacked thousands of Twitter accounts through the use of a Twitter app that he created. He did that to send a message, the app did nothing more than post a Tweet on users accounts telling them to be careful with what they authorise.

I’ve seen malware related attacks happen with Facebook users and I’ve seen it happen with Twitter users. CNET has had several articles on the issue and it is a continuing problem. However, in the case of the spammy, dodgy Twitter DMs that people’s accounts sometimes send out there is currently no known cause – malware is a suspicion  but it hasn’t been confirmed.

In the b) scenario, there is a chance that scammers could have sifted through information from the many numerous security breaches that take place every year, which lead to the revelation of individuals’ email addresses and passwords. People who use the same password across different platforms are in this instance vulnerable.

So, what can you do? You can follow the advice from the Sophos blog to:

  • Change your Twitter password
  • Revoke suspect looking third party application access in your Twitter settings (potentially apps that you don’t recall allowing or don’t seem to have a purpose)

But you also may want to consider following this further advice from Twitter, which suggest that you should:

  • (Do the above, plus)
  • Change the passwords of accounts for any third party services that have Twitter apps you’re using

Personally, I also think that you should:

  • Scan your PC for malware, using a program like Malwarebytes

I’m sure I’ll continue to see dodgy DMs on Twitter and suspect posts on Facebook as well, despite making this post.

I’ll also add that certain people I know are still far too click-happy when it comes to clicking on links and authorising applications. These people are all over the age of 40 and related to me. I really don’t like being asked to clean up the mess.


2 thoughts on “Compromised Twitter accounts sending out spam DMs

  1. I have been seeing an increase of/in email accounts being hacked and/or spoofed, I suspect hacking through guessing and/or hacking their passwords and/or security questions and/or other way(s) to access their account and/or malware used through traditional ways and/or network/website/phishing/browser exploit/java exploit/et cetera ways.

    Microsoft, Google, and Yahoo have short guides on protecting your email accounts that some of your readers might want to read:

    Some other advice is to keep your operating system & software & hardware drivers updated, use anti-malware software (anti-virus, firewall, et cetera), use stronger passwords & security answers and do not use the same password and/or security answer on more than one account, be careful not to give out too much personal information online & when giving out personal information make sure that the person you are giving it to is legitimate & when entering personal information on a website make sure that Https/SSL Encryption is being used on that website, do not click on suspicious or unknown website links or any links without at least submitting them to a link scanner service like Zscaler Zulu URL Risk Analyser/et cetera, use a browser extension like WOT (Web Of Trust) to help warn you about untrustworthy/dangerous websites & Adblock Plus (with Easy List and Malware Domains List) to block some annoying/dangerous ads/advertisements/websites & BitDefender TrafficLight (But not if you are using BitDefender Antivirus Free which already has website filtering) for blocking malicious websites, use a DNS service with website blacklisting like Norton DNS/et cetera, run your browser in Private Mode (Firefox)/InPrivate Mode (Internet Explorer)/Incognito Mode (Google Chrome), and the more cautious/technical users can run their browsers/some of their software sandboxed with a program like Sandboxie (I only use this sometimes).

    The biggest thing it to be more cautious & use common sense/basic logic/et cetera.

    Anyway, thank you for sharing this problem Emily, hopefully this information will help other people. 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s