Be very cautious of opening a link within a Direct Message (DM), even if you think it is from someone you know. It will probably be a trick. I would say I have had about 75 "people" send me direct messages; about 50 of these are clearly fake hacking attempts of some sort. Some of these "people" have sent 5 or 6 of these hacking messages each, so you have some idea of the scale of the problem. If you think a friend has sent you a link via a DM, get them to re-post it publicly or email it to you!
DMs are deadly.
...BUT more commonly now, you can get equally pervasive regular Tweets. We had an outbreak ourselves, and it was simply created by someone clicking on the link within a Tweet (that looked genuine and came, allegedly, from a friend).
So in reality these messages are not sent by a Tweep who has turned rogue, but by a "virus" (technically "malware") which has hacked into someone's account and seized control of it.
Never open a message/link that says:
"Bet you didn't know they were filming you, lol xxxx"
"Hey, this person...."
"What are you doing in this video.... Link"
"When exactly lol ....link"
The latest is: "Have you seen this pic... Link"
(If you have Twitter set up correctly, and it is a "picture" you should just see it anyway).
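The lure wordings listed above can be turned into a simple triage filter for an account's inbox. This is an added example, not code from the original post; the pattern names, the "block/review/allow" verdicts and the sample messages are assumptions made for illustration.

```python
import re
import unicodedata

# Lure wordings quoted in the post, loosened into patterns (names are illustrative).
LURE_PATTERNS = {
    "filming-you": re.compile(r"\bbet you didn'?t know they were filming you\b"),
    "hey-this-person": re.compile(r"\bhey,? this person\b"),
    "you-in-video": re.compile(r"\bwhat are you doing in this video\b"),
    "when-exactly": re.compile(r"\bwhen exactly lol\b"),
    "seen-this-pic": re.compile(r"\bhave you seen this pic\b"),
}
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+")

# Constructed sample messages; example.com stands in for whatever link was sent.
SAMPLES = [
    {"channel": "dm", "text": "Bet you didn\u2019t know they were  filming you, lol http://example.com/v"},
    {"channel": "tweet", "text": "Have you seen this pic... https://example.com/p"},
    {"channel": "dm", "text": "Agenda for Tuesday: https://example.com/agenda"},
    {"channel": "tweet", "text": "Great talk today, thanks all"},
]


def normalize(text):
    """Fold case, curly apostrophes and runs of whitespace so small edits still match."""
    text = unicodedata.normalize("NFKC", text).replace("\u2019", "'")
    return re.sub(r"\s+", " ", text).strip().lower()


def triage(message):
    """Return (verdict, reasons) for a dict with 'channel' and 'text' keys."""
    text = normalize(message["text"])
    lures = [name for name, pat in LURE_PATTERNS.items() if pat.search(text)]
    has_link = bool(URL_RE.search(text))
    in_dm = message.get("channel") == "dm"
    reasons = [f"lure:{n}" for n in lures] + (["link"] if has_link else []) + (["dm"] if in_dm else [])
    if lures and has_link:
        return "block", reasons      # known lure wording together with a link
    if lures or (has_link and in_dm):
        return "review", reasons     # any DM link gets a second look, as the post advises
    return "allow", reasons


if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg), "<-", msg["text"])
```

A wording filter only catches lures that have already been seen, so the "review" verdict for any link arriving by DM is the part that carries over to new campaigns.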
How do you get Hacked?
So how was it done, and what can you do about it?
(1) If you follow one of these links on Twitter on a PC in a browser... that's it, they've got you!
(2) If you go to certain malware-containing websites whilst you are still logged in to Twitter. Note: even if you have closed the browser, unless you specifically logged out you are vulnerable.
(3) Your password may have been stolen, either because you were tricked or because Twitter itself was hacked. Twitter was hacked a while ago and millions of passwords stolen!!
(4) The more complex one. Many people, like myself, do not use Twitter's own apps or website to Tweet. We use "3rd party" applications which actually (usually) work better and include more functions.
So, Twitter do not allow just anyone to write a program to deal with followers and stuff... they "license" companies, and we users also have to specifically grant applications permission to work Twitter for us. Sometimes, apparently, although I have not seen it first hand, these applications go rogue. They have presumably been hacked themselves! This "hack" will survive you changing your password! Note that changing your Twitter password does not affect many Twitter applications. If you have granted an application access, it seems to retain it even if you change your password and don't tell the application!
You have to revoke access and then re-authorize it!
What to do about it if you receive spam/phishing/hacking Tweets and direct messages from someone?
(1) Don't follow the link.
(2) Be nice, don't get cross... it's really not their fault.
(3) LET THEM KNOW (NICELY) AS SOON AS POSSIBLE and give them instructions on how to deal with the infection.
What do you do if you have been hacked?
Twitter have some official suggestions here: Twitter security FAQ
...but if you don't trust me now to click on the link (!!)... here's what you do.
(1) Remember every place where you logged on to Twitter (your phone, your PC, your friend's PC?, your iPad, etc.) and make sure you have logged off on each one. NOT just shut it down, but properly logged off. If you are not sure, try to send a message... you should now be unable to.
(2) Log back on at one PC/Mac and change your password.
(3) On the PC/Mac you have just logged onto, "revoke access":
(a) Go to the settings "cog" wheel top right.
(b) Select "settings" from the menu.
(c) Then select "apps" on the left-hand side menu.
(d) ...And "revoke access" from everything!!
(e) You should now be set. You may want to do all this and then, of course, change your password again, to be really sure!
Hope this helps!!!!
