I’m not going to call out those I know who’ve had their accounts compromised like this, but I do want to talk about it. See, as a frequent user of Twitter, I have noticed an increase in the frequency that I receive dodgy, spammy DMs from people that follow me and I follow back.
Part of this is due to following a lot of people, but I think it’s a sign that people are either a) not scrutinizing the apps that ask for account access, thus allowing malware apps access or b) their email and password combination has been phished from elsewhere.
The possibility of a) is shown by some news that came out before Christmas, explaining how a Dutch teen hijacked thousands of Twitter accounts through the use of a Twitter app that he created. He did it to send a message: the app did nothing more than post a Tweet on users' accounts telling them to be careful about what they authorise.
I’ve seen malware-related attacks happen with Facebook users and I’ve seen it happen with Twitter users. CNET has had several articles on the issue and it is a continuing problem. However, in the case of the spammy, dodgy Twitter DMs that people’s accounts sometimes send out, there is currently no known cause – malware is a suspicion but it hasn’t been confirmed.
In the b) scenario, there is a chance that scammers could have sifted through information from the many security breaches that take place every year, which lead to the revelation of individuals’ email addresses and passwords. People who use the same password across different platforms are in this instance vulnerable.
So, what can you do? You can follow the advice from the Sophos blog to:
- Change your Twitter password
- Revoke suspect-looking third-party application access in your Twitter settings (potentially apps that you don’t recall allowing or that don’t seem to have a purpose)
But you may also want to consider following this further advice from Twitter, which suggests that you should:
- (Do the above, plus)
- Change the passwords of accounts for any third-party services that have Twitter apps you’re using
Personally, I also think that you should:
- Scan your PC for malware, using a program like Malwarebytes
I’m sure I’ll continue to see dodgy DMs on Twitter and suspect posts on Facebook as well, despite making this post.
I’ll also add that certain people I know are still far too click-happy when it comes to clicking on links and authorising applications. These people are all over the age of 40 and related to me. I really don’t like being asked to clean up the mess.